Minor controversies continue to dog PGP. Just within the last year, two small faults in the released code were discovered. While experts agree that neither one presented any practical danger to the security of PGP-based communications, both sparked arguments about NAI's ability and even its intentions. In the first case, a fault in a specific version for Unix could, in principle, compromise a key generated by a method PGP had always deprecated: automatically, without user input.
Heh. A random number generator that produces an output of all zeros. Small flaw. No biggie.
Except for the me that generated a key that was vulnerable to that
0x149DCDDC However I believe there was an email attached to that and the
signatures to that key, but apparently not anymore =) And its a big deal,
can you say 0 strength key?
Max Inux