[FORGED] Re: [Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]

Peter Gutmann pgut001 at cs.auckland.ac.nz
Thu Aug 18 15:07:35 CEST 2016

Kristian Fiskerstrand <kristian.fiskerstrand at sumptuouscapital.com> writes:

>Have you seen
>http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf ?

Ah, thanks.  So that matches the problem I saw when I looked at the code (see
my followup post).  Experimental repeatability achieved :-).

(OK, not quite, when I tried to sketch out what was going on I had the hole in
the wrong place in my diagram, it's after the first 20 bytes, not right at the


More information about the Gnupg-devel mailing list