|
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
|
Re: [PLUG] [SECURITY] New gnupg packages fix cryptographic weakness in ElGamal signing keys
|
On Mon, Jan 26, 2004 at 10:14:12PM -0500, Jeff Abrahamson wrote:
> For those who don't subscribe to debian-security-announce, note the
> attached bug announcement about gpg. I believe we had a thread on
> this list a while back about how you really didn't want to sign with
> El Gamal keys anyway, so this probably won't affect many here.
Just so people don't worry, this is the same old problem from back in
November. This is just a backport of some of the fix to GnuPG 1.0.6
for Debian woody.
> The bug fix just disables signing with an El Gamal key, it doesn't
> actually change mathematics.
Which is a bit of a problem, since it doesn't disable ALL signing with
an Elgamal key. If you think about it, there is still one way to make
an Elgamal signature...
David
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|