CDR: Re: Phil Zimmerman Profiled

Max Inux maxinux at openpgp.net
Thu Nov 9 23:48:54 PST 2000


>> Minor controversies continue to dog PGP. Just within the last year, two
>> small faults in the released code were discovered. While experts agree that
>> neither one presented any practical danger to the security of PGP-based
>> communications, both sparked arguments about NAI's ability and even its
>> intentions. In the first case, a fault in a specific version for Unix could,
>> in principle, compromise a key generated by a method PGP had always
>> deprecated: automatically, without user input.
>
>Heh. A random number generator that produces an output of all zeros. Small
>flaw. No biggie.

Except for the me that generated a key that was vulnerable to that
0x149DCDDC  However I believe there was an email attached to that and the
signatures to that key, but apparently not anymore =)  And its a big deal,
can you say 0 strength key?

Max Inux
<maxinux at openpgp.net> 0xE42A7FB1 http://www.openpgp.net
Key fingerprint = E4CA 2B4F 24FC B1BF E671  52D0 9E4B A590 E42A 7FB1
       If crypto is outlawed only outlaws will have crypto.
               'An it harm none, let it be done'


PS, sorry if this is a repost, I posted it about 10 hours ago and it has
not gone through ssz, so here it goes to OpenPGP






More information about the cypherpunks-legacy mailing list