1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

18-year-old random number generator flaw fixed in Libgcrypt, GnuPG

Discussion in 'Help Net Security' started by RSS, Aug 22, 2016.

  1. RSS

    RSS New Member Member

    Researchers have discovered a “critical security problem” that affects all versions of the Libgcrypt cryptographic library and, therefore, all versions of the GnuPG (a.k.a. GPG) hybrid-encryption software. The researchers – Felix Dörre and Vladimir Klebanov of the Karlsruhe Institute of Technology, Germany – define the issue as a design flaw that exists in the mixing function of the Libgcrypt pseudorandom number generator (PRNG). “An attacker who obtains 4640 bits from the RNG can trivially predict … More →

    Continue reading...

Share This Page