Hi again, folks --
...and then David @ BigFoot said...
%
% ...and then Jason Helfman said...
% % http://www.slashdot.org
%
% http://senderek.de/security/key-experiments.html
%
...
% vulnerable to attack. The other spoiler: it looks like it affects GPG,
% too, if you have a modified public key.
I've since been forwarded a couple of posts from the gnupg-users list.
Just in case anyone doesn't have the info, the correct version is
- gpg can be used to analyze the keys
- a gpg-generated version 4 key can be compromised
- gpg encryption, even with a compromised key, is no problem; gpg does
not pay attention to the ADK field
So if you use gpg for your encryption, you're fine; if you use pgp[56]*,
then you should ensure that the keys that you have are not compromised;
if your correspondent uses pgp[56]*, then you might take care to ensure
that s/he has a non-compromised copy of your key.
I hope that this clears up any questions generated by these posts :-)
:-D
--
David T-G * It's easier to fight for one's principles
(play) [EMAIL PROTECTED] * than to live up to them. -- fortune cookie
(work) [EMAIL PROTECTED]
http://www.bigfoot.com/~davidtg/ Shpx gur Pbzzhavpngvbaf Qrprapl Npg!
The "new millennium" starts at the beginning of 2001. There was no year 0.
Note: If bigfoot.com gives you fits, try sector13.org in its place. *sigh*
PGP signature