Re: Bug in PgP2.6???
-----BEGIN PGP SIGNED MESSAGE----- At 4:06 PM 8/12/94, Derek Atkins wrote:
Gee, Claude, where have _you_ been hiding? Look at the date on that message.
As for using 2.6 -- I do. It's _only_ a factor in key generation, and it doesn't weaken key generation enough to be a concern.
Also, there is a planned bugfix release for sometime soon that will have the one character patch that fixes that problem.
Except that the fix has been a *long* time coming. Hasn't it been about a month since I complained about this? And there's still not even a simple readme on the distribution site. As I said before, if it's serious enough to shout to the world, "we goofed," then it's serious enough to take the ten seconds necessary to make the fix or make the instructions on how to do so obviously available. The EFF has sold us out, and this is making MIT look rather unprofessional.
-derek
b& -----BEGIN PGP SIGNATURE----- Version: 2.6 Comment: My key is not 'escrowed' with any government agency. iQCVAgUBLkxYmkNl71nP8jvVAQFh4QP/dKmW/OV4nLHknfFVKgJJqgwV9mwjsZ9n myekwvvI8liZmcjSwAJDxTjk4V7xMMrRbE/2zC1fcl7bstgP+5SvbQ/c0jMlPJJ6 i81CXYcIY8WQ5stQmNN+9Qi0wU8E2KUiw96+LgH4P9kc6059aKQYOb26qF3bypQB g5G015QkOQo= =8ala -----END PGP SIGNATURE----- -- Ben.Goren@asu.edu, Arizona State University School of Music net.proselytizing (write for info): We won! Clipper is dead! BUT! Just say no to key escrow. And stamp out spamming, too. Finger ben@tux.music.asu.edu for PGP 2.6 public key CFF23BD5.
Was this bug introduced in 2.6 or was it in previous versions?
It was introduced in 2.6 -- 2.6ui doesn't have this particular problem. There was a one-character patch sent along with the original mail describing the problem; in randpool.c the function xor_bytes is missing a "^" character. This was described fully in the mail. We expect that the next release of 2.6 will be the _final_ release of this code tree, and that future releases will be based on rewritten code. But I cannot guarantee that, it is onoly a hope (and a plan), not a way of life. -derek -- who is answering mail while on Vacation!
In article <aa72069f0502102406a8@[129.219.97.131]>, <ben.goren@asu.edu> wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Also, there is a planned bugfix release for sometime soon that will have the one character patch that fixes that problem.
As I said before, if it's serious enough to shout to the world, "we goofed," then it's serious enough to take the ten seconds necessary to make the fix or make the instructions on how to do so obviously available.
In the 'shout to the world' Colin gave the fix. It is easier to manually apply the fix than to run the patch program. It is unecessary anyway. ---------------------------------------------------------| | #include "std/disclaimer.h" Michael P. Brininstool | | mikepb@freke.lerctr.org OR mikepb@netcom.com | |---------------------------------------------------------
participants (4)
-
Ben.Goren@asu.edu -
Derek Atkins -
Jidan -
mikepb@freke.lerctr.org