ComputerWorld: Flaw found in PGP 5.0

“Researchers say they’ve found a security flaw in the process by
which an older version of Pretty Good Privacy (PGP) encryption
software reads random numbers, making the cryptographic keys
potentially insecure.”

The flaw was discovered in the PGP 5.0 code base and is
specific to Linux and OpenBSD command-line versions.

“According to security researchers, PGP 5.0, created by PGP
Inc., generates public/private key pairs with no or only a small
amount of randomness under certain circumstances. PGP must gather
random numbers from reliable sources so that the keys cannot be
predicted by attackers. Versions 2.x and 6.5 of PGP aren’t affected
and nor are PGP versions ported to other platforms.”


Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends, & analysis