Ok, you made me actually look at pgp263iamulti06. :-)
I almost feel like I should apologize.
However, the entropy gathering seems overly optimistic:
*wince*That's quite a bit worse than I remember. (I haven't looked at 2.6.3 source code in probably 25 years.)
So, yeah. I'm comfortable calling the 2.6.3 CSPRNG system fatally compromised due to inadequate entropy gathering.
Thank you for looking into this!
OpenPGP_signature
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-users
