On Fri, 10 Nov 2000, Meyer Wolfsheim wrote:
On Fri, 10 Nov 2000, Max Inux wrote:
Heh. A random number generator that produces an output of all zeros. Small flaw. No biggie.
Except for the me that generated a key that was vulnerable to that 0x149DCDDC However I believe there was an email attached to that and the signatures to that key, but apparently not anymore =) And its a big deal, can you say 0 strength key?
Sigh. No one seems to have an appreciation of sarcasm anymore.
The vulnerability was, of course, quite serious. The only way NAI dodged the bad publicity the bullet was by saying that no one was affected.
Are you saying they lied? Can you prove your key was affected?
The key was/is on the key server publish well prior to the anouncement of the bug, actually I believe I published it about a week after PGP 5.0 for Linux was released. You have the Key ID, grab it from the server. I know it was affected due to a phone call I got at 3:00 am the morning after the bug was discovered. when they looked through the key server for any key vulnerable. Useride: khercs 0x149DCDDC DH/DSS 4096/1024 10/18/1997 Never IDEA C2FC 876D 2D59 1710 7DA2 12FD 2948 FD98 149D CDDC William Tiemann <maxinux@openpgp.net> 0xE42A7FB1 http://www.openpgp.net Key fingerprint = E4CA 2B4F 24FC B1BF E671 52D0 9E4B A590 E42A 7FB1 If crypto is outlawed only outlaws will have crypto.