[Announce] Security fixes for Libgcrypt and GnuPG 1.4 [CVE-2016-6316]

Kristian Fiskerstrand kristian.fiskerstrand at sumptuouscapital.com
Thu Aug 18 14:47:33 CEST 2016

On 08/18/2016 01:13 PM, Peter Gutmann wrote:
> Werner Koch <wk at gnupg.org> writes:
>> Felix Dörre and Vladimir Klebanov from the Karlsruhe Institute of Technology
>> found a bug in the mixing functions of Libgcrypt's random number generator:
>> An attacker who obtains 4640 bits from the RNG can trivially predict the next
>> 160 bits of output.  This bug exists since 1998 in all GnuPG and Libgcrypt
>> versions.
> Are any more details on what the problem is available?  This predates my

Have you seen
http://formal.iti.kit.edu/~klebanov/pubs/libgcrypt-cve-2016-6313.pdf ?

Kristian Fiskerstrand
Blog: https://blog.sumptuouscapital.com
Twitter: @krifisk
Public OpenPGP certificate at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
"Expect the best. Prepare for the worst. Capitalize on what comes."
(Zig Ziglar)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20160818/568019e7/attachment.sig>

More information about the Gnupg-devel mailing list