Someone has told me that pre-MIT versions of PGP may have compromised security because "the session key is hashed solely from the plaintext."
Is this true? What's the significance? Is there any weakness?
This is not true. The session key is based upon random input (key timings from the passphrase, and other sources of random input) as well as the randseed.bin file, which was generated by random keypresses at key generation. (It may also include other sources of randomness as well; I do not recall.) This is only for the random session keys.

If you use conventional crypto mode (pgp -c), then the IDEA key is based solely on the hash of the passphrase, and I believe the IV is not random (maybe it should be a random IV?).

Hope this helps, Tim.

-derek
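The consequence of the conventional-mode case in the reply above (key from the passphrase hash only, IV not random), shown with an added toy model that is not PGP's code: SHA-256 stands in for PGP's passphrase hash, an HMAC counter-mode keystream stands in for IDEA in CFB mode, and all function names are assumptions. The point is that a fixed IV under a passphrase-only key makes ciphertexts repeat and lets their XOR leak the XOR of the plaintexts, which a random IV prevents.

```python
import hashlib
import hmac
import os
from typing import Optional

FIXED_IV = bytes(8)  # deterministic IV, modelling the "IV is not random" case


def passphrase_key(passphrase: bytes) -> bytes:
    """Key derived only from a hash of the passphrase (SHA-256 as a stand-in)."""
    return hashlib.sha256(passphrase).digest()


def keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Toy counter-mode keystream from HMAC-SHA256, standing in for IDEA-CFB."""
    out = b""
    block = 0
    while len(out) < length:
        out += hmac.new(key, iv + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes, iv: Optional[bytes] = None) -> bytes:
    """Return iv || ciphertext; a fresh random IV is drawn unless one is fixed."""
    iv = os.urandom(8) if iv is None else iv
    ks = keystream(key, iv, len(plaintext))
    return iv + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Inverse of encrypt: split off the IV and XOR the same keystream back."""
    iv, ct = blob[:8], blob[8:]
    return bytes(c ^ k for c, k in zip(ct, keystream(key, iv, len(ct))))


def repeats_ciphertext(passphrase: bytes, msg: bytes, iv: Optional[bytes]) -> bool:
    """True when encrypting the same message twice yields identical output."""
    key = passphrase_key(passphrase)
    return encrypt(key, msg, iv) == encrypt(key, msg, iv)


def xor_of_ciphertexts(passphrase: bytes, m1: bytes, m2: bytes, iv: bytes) -> bytes:
    """Under a shared (key, IV) the keystream cancels: c1 XOR c2 == m1 XOR m2."""
    key = passphrase_key(passphrase)
    c1, c2 = encrypt(key, m1, iv)[8:], encrypt(key, m2, iv)[8:]
    return bytes(a ^ b for a, b in zip(c1, c2))
```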