[FORGED] Re: [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Thu Aug 18 15:07:35 CEST 2016
Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com> writes:
>Have you seen
>http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf ?
Ah, thanks. So that matches the problem I saw when I looked at the code (see
my followup post). Experimental repeatability achieved :-).
(OK, not quite, when I tried to sketch out what was going on I had the hole in
the wrong place in my diagram, it's after the first 20 bytes, not right at the
start).
Peter.
More information about the Gnupg-devel
mailing list