PGP's +makerandom is broken (was: Re: Article on PGP flaws)

Jeffrey I. Schiller jis at MIT.EDU
Sat Apr 20 22:44:32 PDT 1996


-----BEGIN PGP SIGNED MESSAGE-----

On April 16, 1996 jf_avon at citenet.net said:
> I fed the result of 
> pgp +makerandom=2000 rnd.pgp 
> into noisesphere.exe 
>
> Every time, it gives a distribution that looks like a zebra from the 
> top view.  Any comments?

This is a bug in PGP. +makerandom doesn't work properly. I discovered
this a few weeks ago myself when I needed some random numbers for
another project. Due to a programming bug, the IDEA-based random number
generator doesn't get initialized (read: doesn't get seeded at all)
when +makerandom is used. Note: +makerandom is an undocumented feature.

IMPORTANT: Only +makerandom is affected. In normal use PGP properly
generates random session keys as well as RSA public key pairs.

                                -Jeff

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMXmiyMUtR20Nv5BtAQHiYwP/dEAf5w0KstdALRabGYeUOlhEEN+fvVJH
+TE215jh91EvPP2h9XqnOS5tWKiHpAjoRng5yUF6vyfD9rsHTS9EkCPC+yrlAkPb
E5XrnAsOx3W1EkkT2kA15RDePt8lOpXetltNVBsGqBMEupCFExYldz7h6o9g9DQj
e+NSMQZzIB8=
=m21a
-----END PGP SIGNATURE-----
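
A regression check for the class of bug described in the message above, as an added example that is not part of the original message and is not PGP's code. It assumes a SHA-256 counter-mode stand-in for the generator (PGP's is IDEA-based); `StreamRNG`, `make_random`, `repeats_across_runs` and `serial_correlation` are hypothetical names, and the striped sample is constructed.

```python
import hashlib
import os


class StreamRNG:
    """Stand-in generator: SHA-256 in counter mode (not PGP's IDEA-based code)."""

    def __init__(self):
        self.key = bytes(32)  # fixed all-zero state until seed() mixes in entropy
        self.counter = 0

    def seed(self, entropy):
        self.key = hashlib.sha256(self.key + entropy).digest()

    def read(self, n):
        out = bytearray()
        while len(out) < n:
            out += hashlib.sha256(self.key + self.counter.to_bytes(8, "big")).digest()
            self.counter += 1
        return bytes(out[:n])


def make_random(n, seeded):
    """Hypothetical output path; seeded=False models the skipped initialization."""
    rng = StreamRNG()
    if seeded:
        rng.seed(os.urandom(32))
    return rng.read(n)


def repeats_across_runs(generate, n=2000):
    """True when two fresh invocations return identical bytes (never seeded)."""
    return generate(n) == generate(n)


def serial_correlation(data):
    """Lag-1 correlation of successive bytes; close to 0 for unpatterned output."""
    xs, ys = data[:-1], data[1:]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    var = (sum((x - mx) ** 2 for x in xs) * sum((y - my) ** 2 for y in ys)) ** 0.5
    return cov / var


if __name__ == "__main__":
    striped = bytes(range(256)) * 8  # constructed sample with visible structure
    print("unseeded repeats:", repeats_across_runs(lambda n: make_random(n, False)))
    print("seeded repeats:  ", repeats_across_runs(lambda n: make_random(n, True)))
    print("striped corr:    ", round(serial_correlation(striped), 3))
    print("unseeded corr:   ", round(serial_correlation(make_random(2000, False)), 3))
```

In this stand-in the unseeded stream still has near-zero serial correlation, so the run-to-run comparison is the check that catches the missing seed; the correlation check catches output with visible structure.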






