Re: Minor PGP vulnerability

Lucky Green (shamrock@NETCOM.COM)
Wed, 16 Jul 1997 21:00:24 -0700

At 11:02 PM 7/15/97 +0200, Harald Weidner wrote:
>As you might know, PGP uses a 32-bit number, called key-ID, as
>an internal index for storing and recognizing keys. Although
>the key-IDs are quite randomly distributed within 31 of the
>32 bits (the key-ID is always odd), the scheme by which this key-ID
>is derived from the (public) key is not cryptographically secure.

This is one more reason why the users of PGP should quickly move to the new
DSA/ElGamal keys used in PGP 5.0. A global effort is underway to scan and
proofread the printed source of PGP 5.0 after it was exported legally by a
subscriber of this list. Currently, 81% of the platform-independent source
has been proofread. You can follow the progress at http://www.ifi.uio.no/pgp/

--Lucky Green <shamrock@netcom.com>
PGP encrypted mail preferred.
DES is dead! Please join in breaking RC5-56.
http://rc5.distributed.net/
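
Added example, not part of the original message or of PGP's source: a keyring lookup that treats the 32-bit key-ID only as an index and confirms the key by its fingerprint. It assumes the OpenPGP v3 RSA rules (key-ID is the low bits of the modulus, fingerprint is MD5 over the modulus and exponent, RFC 4880 section 12.2), which the message itself does not spell out; the function names and the two sample "moduli" are constructed for illustration and are not real keys.

```python
import hashlib

def mpi_body(x: int) -> bytes:
    """Big-endian magnitude of an MPI, without the two-octet bit-length prefix."""
    return x.to_bytes((x.bit_length() + 7) // 8, "big")

def key_id32(n: int) -> str:
    """Short key-ID of a v3 RSA key: the low 32 bits of the modulus n.
    n is a product of odd primes, which is why the key-ID is always odd."""
    return f"{n & 0xFFFFFFFF:08X}"

def fingerprint_v3(n: int, e: int) -> str:
    """v3 fingerprint: MD5 over the MPI bodies of n, then e."""
    return hashlib.md5(mpi_body(n) + mpi_body(e)).hexdigest().upper()

def lookup(keyring, key_id, expected_fpr=None):
    """Return the one key matching key_id, confirmed by fingerprint when given.
    Raises LookupError if the key-ID alone is ambiguous or nothing matches."""
    hits = [k for k in keyring if key_id32(k["n"]) == key_id]
    if expected_fpr is not None:
        hits = [k for k in hits
                if fingerprint_v3(k["n"], k["e"]) == expected_fpr]
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} keys match key-ID {key_id}")
    return hits[0]

# Constructed sample values: arbitrary odd integers standing in for RSA
# moduli. They differ in their high bits but share the same low 32 bits.
E = 17
N_FIRST = (0xC3A1 << 496) + 0x5EEDF00D
N_SECOND = (0xB7E5 << 496) + (1 << 200) + 0x5EEDF00D

KEYRING = [
    {"user": "first key (constructed)", "n": N_FIRST, "e": E},
    {"user": "second key (constructed)", "n": N_SECOND, "e": E},
]

if __name__ == "__main__":
    kid = key_id32(N_FIRST)
    print("shared key-ID:", kid)
    for k in KEYRING:
        print(k["user"], fingerprint_v3(k["n"], k["e"]))
    try:
        lookup(KEYRING, kid)
    except LookupError as err:
        print("key-ID only:", err)
    fpr = fingerprint_v3(N_FIRST, E)
    print("with fingerprint:", lookup(KEYRING, kid, fpr)["user"])
```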