Minor controversies continue to dog PGP. Just within the last year, two small faults in the released code were discovered. While experts agree that neither one presented any practical danger to the security of PGP-based communications, both sparked arguments about NAI's ability and even its intentions. In the first case, a fault in a specific version for Unix could, in principle, compromise a key generated by a method PGP had always deprecated: automatically, without user input.
Heh. A random number generator that produces an output of all zeros. Small flaw. No biggie.
Except for the me that generated a key that was vulnerable to that: 0x149DCDDC. However, I believe there was an email attached to that and the signatures to that key, but apparently not anymore =) And it's a big deal, can you say 0 strength key?

Max Inux <maxinux@openpgp.net> 0xE42A7FB1 http://www.openpgp.net
Key fingerprint = E4CA 2B4F 24FC B1BF E671 52D0 9E4B A590 E42A 7FB1
If crypto is outlawed only outlaws will have crypto.
'An it harm none, let it be done'

PS, sorry if this is a repost, I posted it about 10 hours ago and it has not gone through ssz, so here it goes to OpenPGP