ComputerWorld: Flaw found in PGP 5.0
May 26, 2000, 19:51
By Ann Harrison
"Researchers say they've found a security flaw in the process by which an older version of Pretty Good Privacy (PGP) encryption software reads random numbers, making the cryptographic keys potentially insecure."
"The flaw was discovered in the PGP 5.0 code base and is specific to Linux and OpenBSD command-line versions."
"According to security researchers, PGP 5.0, created by PGP Inc., generates public/private key pairs with no or only a small amount of randomness under certain circumstances. PGP must gather random numbers from reliable sources so that the keys cannot be predicted by attackers. Versions 2.x and 6.5 of PGP aren't affected and nor are PGP versions ported to other platforms."