gabriel rosenkoetter on 28 Nov 2003 08:08:02 -0500


Re: [PLUG] Severe Bug in GnuPG


On Thu, Nov 27, 2003 at 08:04:08PM -0500, LeRoy Cressy wrote:
> I saw this link on /. tonight and I thought that you would like to know.
> 
> http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000276.html

Note that it is VERY unlikely that this applies to you.

There are about 20 ElGamal *signature* keys on the keyservers.

ElGamal is painfully slow as a signature algorithm and produces
copiously more output than signing with DSA or RSA does.

Most of you will probably see ElGamal mentioned on your PGP keys,
since GnuPG's default these days is to generate a DSA signing key
and an ElGamal encryption key, but this is not a situation about
which you should be concerned, as I understand it.

It's only if you're using ElGamal for signing that there's a
problem. This problem is even worse if you've been using the SAME
ElGamal key for signing and encryption (which you really shouldn't
do anyway; you should always use different keys for signing and
encryption; again, GnuPG does this for you already).

-- 
gabriel rosenkoetter
gr@eclipsed.net

Attachment: pgpNkiIN4pWwF.pgp
Description: PGP signature
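
The distinction drawn in the message above (ElGamal encryption subkeys versus ElGamal keys that can sign) can be checked on a keyring. This is an added example, not part of the original message: it assumes GnuPG's colon-delimited listing format (field 1 record type, field 4 public-key algorithm ID, field 5 key ID) and the OpenPGP algorithm IDs 16 (ElGamal encrypt-only) and 20 (ElGamal sign+encrypt); the function names and sample keyring are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ElGamal keys that can sign (OpenPGP algorithm ID 20).
# Expected input: the output of `gpg --list-keys --with-colons`.
#   algorithm 17 = DSA, 1 = RSA
#   algorithm 16 = ElGamal encrypt-only (GnuPG's default encryption subkey)
#   algorithm 20 = ElGamal sign+encrypt (the key type the announcement concerns)

classify_elgamal() {
    # Only primary-key (pub) and subkey (sub) records carry an algorithm ID.
    awk -F: '
        $1 == "pub" || $1 == "sub" {
            if ($4 == 20)      printf "AFFECTED %s %s\n", $1, $5
            else if ($4 == 16) printf "ok-encrypt-only %s %s\n", $1, $5
        }
    '
}

count_affected() {
    # Number of sign-capable ElGamal keys in the listing on stdin.
    classify_elgamal | awk '/^AFFECTED/ { n++ } END { print n + 0 }'
}

# Constructed sample listing (key IDs and user IDs are made up):
# key one is the default DSA primary + ElGamal encryption subkey,
# key two is an ElGamal sign+encrypt primary key.
sample_keyring() {
    cat <<'EOF'
pub:u:1024:17:AAAAAAAAAAAAAAAA:2003-01-01:::u:Constructed User One <one@example.org>::scESC:
sub:u:2048:16:BBBBBBBBBBBBBBBB:2003-01-01::::::e:
pub:u:2048:20:CCCCCCCCCCCCCCCC:2002-06-01:::u:Constructed User Two <two@example.org>::scESC:
EOF
}

sample_keyring | classify_elgamal
```

To check a real keyring, pipe `gpg --list-keys --with-colons` into `classify_elgamal` instead of the sample.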