GnuPG PRNG insecure?

David Shaw dshaw at
Fri Feb 15 21:33:01 CET 2002

On Thu, Feb 14, 2002 at 03:25:19PM -0500, Ben Pearre wrote:
> > Perhaps a cash-for-bugs "bounty" isn't the right thing, but in terms
> > of auditing, a little bit of money doesn't help, but if 20 people all
> > throw in a little bit of money...
>
> Money?  Pshaw.  Credit!  There could be a command-line option
> --list-contributors or some such, which makes it trivial to see who
> has helped with the program.  "...and the daring souls who found
> security flaws in the code:..."
>
> The key is being able to say during a job interview (OK, how many
> interviewers use GPG?) or a hot date (?!) "Run this command and see my
> name"... and have it take 10 seconds.

Heh.  Good point.  It would be far easier than saying "Go look at the
AUTHORS file"... :)


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list