CDR: Re: Phil Zimmerman Profiled

Max Inux maxinux at openpgp.net
Fri Nov 10 18:29:25 PST 2000


On Fri, 10 Nov 2000, Meyer Wolfsheim wrote:
>On Fri, 10 Nov 2000, Max Inux wrote:
>
>> >Heh. A random number generator that produces an output of all zeros. Small
>> >flaw. No biggie.
>>
>> Except for the me that generated a key that was vulnerable to that
>> 0x149DCDDC  However I believe there was an email attached to that and the
>> signatures to that key, but apparently not anymore =)  And its a big deal,
>> can you say 0 strength key?
>
>Sigh. No one seems to have an appreciation of sarcasm anymore.
>
>The vulnerability was, of course, quite serious. The only way NAI dodged
>the bad publicity the bullet was by saying that no one was affected.
>
>Are you saying they lied? Can you prove your key was affected?

The key was/is on the key server publish well prior to the anouncement of
the bug, actually I believe I published it about a week after PGP 5.0 for
Linux was released.

You have the Key ID, grab it from the server.  I know it was affected due
to a phone call I got at 3:00 am the morning after the bug was discovered.
when they looked through the key server for any key vulnerable.

Useride: khercs
0x149DCDDC
DH/DSS
4096/1024
10/18/1997
Never
IDEA
C2FC 876D 2D59 1710 7DA2 12FD 2948 FD98 149D CDDC

William Tiemann
<maxinux at openpgp.net> 0xE42A7FB1 http://www.openpgp.net
Key fingerprint = E4CA 2B4F 24FC B1BF E671  52D0 9E4B A590 E42A 7FB1
       If crypto is outlawed only outlaws will have crypto.








More information about the cypherpunks-legacy mailing list