Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Minor PGP vulnerability
From: shamrock () NETCOM COM (Lucky Green)
Date: Wed, 16 Jul 1997 21:00:24 -0700

At 11:02 PM 7/15/97 +0200, Harald Weidner wrote:
As you might know, PGP uses a 32-Bit number, called key-ID, as
an internal index for storing and recognizing keys. Although
the key-ID's are quite randomly distributed within 31 of the
32 bits (the key-ID is always odd), the scheme how this key id
is derived from the (public) key is not cryptographically secure.

This is one more reason why the users of PGP should quickly move to the new
DSA/ElGamal keys used in PGP 5.0. An global effort is underway to scan and
proofread the printed source of PGP 5.0 after it was exported legally by a
subscriber of this list. Currently, 81% of the platform independent source
has been proofread. You can follow the progress at http://www.ifi.uio.no/pgp/

--Lucky Green <shamrock () netcom com>
  PGP encrypted mail preferred.
  DES is dead! Please join in breaking RC5-56.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]