Robert J. Hansen
rjh at sixdemonbag.org
Sun Jan 23 21:23:51 CET 2022
> When generating the key-pair with Re: pgp263iamulti06, the
> "randomness" is obtained by user's keyboard input. Is it
> then that the above applies only when the session key is
No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard
interrupts harvested directly from the hardware to get a collection of
random bits which it then fed into the CSPRNG to be expanded out into a
large quantity of randomish bits. It's just that when generating a new
certificate it always replenished the CSPRNG's entropy -- when
generating traffic it didn't, but the CSPRNG was still dependent on the
randomness collected earlier.
On Windows, you no longer have this direct access to hardware and
there's almost certainly some determinism introduced by the HAL.
> the command-line build tools were still available). So is
> the same (i.e., a problematic source of randomness when
> generating the session key) likely to be the case
> compiling/running 2.6.3iamulti06 under Linux today?
I wouldn't say "almost definitely" the way I do for DOS, but I'd still
say I'd find it a disturbing possibility I'd want to investigate and
rule out before I used PGP 2.6.3 in a UNIX environment.
More information about the Gnupg-users