openpgp bug

Evan Prodromou
Thu Mar 22 08:46:04 2001

Hash: SHA1

>>>>> "LS" == L Sassaman <> writes:
LS> I miss-spoke. You are right about key ring formats, but this LS> bug has nothing to do with the key ring. LS> It has to do with how the secret key is encrypted, and that LS> *is* covered by OpenPGP. You are absolutely and completely correct, and I bow down in awe. I was wrong, wrong, wrong. If the sploit uses the fields in section of RFC 2440, -and- if GPG uses that format for storing secret keys, then I guess GPG would also be vulnerable. Completely shutting up now, ~ESP - -- Evan Prodromou -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.4 (GNU/Linux) iD8DBQE6ua21ozwefHAKBVERAnqPAJ41WsRJvH0MxMOpcpcYSwVpRCSUPQCgz/9I gSe7azoyLlQN/BuSR5xDe0U= =53+f -----END PGP SIGNATURE-----