[PGP-USERS] FW: Serious bug in PGP - versions 5 and 6

Clive Jones clive@nsict.org
Thu, 24 Aug 2000 19:35:27 +0100

                                                    The worrying part to me is:
   "The problem won't go away until all vulnerable versions of PGP are retired,
   since it's the sender who is responsible for encrypting to the ADKs, not the

To be fair, this is nothing new. There are lots of ways a sender's
implementation could be broken so as to leak the secret information to
someone other than you, the recipient.

Generally, if Alice shares a secret piece of information with Bob,
it's at best as secure as the less secure of their respective systems.

Don't trust your secrets to people you don't trust. Trusting them not
to use broken software is just another part of that issue.


Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org