Johan Wevers johanw at
Sun Jan 23 23:49:43 CET 2022

On 23-01-2022 21:23, Robert J. Hansen via Gnupg-users wrote:

> No, the whole CSPRNG is (probably) compromised.  PGP 2.6.3 used keyboard
> interrupts harvested directly from the hardware to get a collection of
> random bits which it then fed into the CSPRNG to be expanded out into a
> large quantity of randomish bits.

Is this also used when generating symmetric keys? Or only used by secret
key generation? If the last is the case, then existing keys generated on
DOS (or Linux?) might be safe (apart from a possibly short key length).

BTW, I remember I compiled 2.6.3ia with Visual Studio 5 on windows 95
and that was easy (just put all C files in a new project and build it).
The added advantage was that I got long filename support without any
code changes. I assume that it would work the same for the multi
versions although I never tried, none of my contacts used those.

ir. J.C.A. Wevers
PGP/GPG public keys at

More information about the Gnupg-users mailing list