GnuPG's ElGamal Signing Keys Compromised

← Back to Stories (view on slashdot.org)

GnuPG's ElGamal Signing Keys Compromised

Posted by michael on Thursday November 27, 2003 @02:47AM from the oopsie dept.

KjetilK writes "Werner Koch just sent an announcement saying that there is a severe bug in GnuPG >= 1.0.2 that makes it easy to compromise ElGamal keys used for signing. Note that such keys are not generated by GnuPG's standard setup, and should be relatively rare. Among the 850 public keys in my personal keyring, there were only one such public key (and a few subkeys). There is already a patch available to disable these keys."

9 of 144 comments (clear)

Min score:

Reason:

Sort:

Conspiracy theory by doktorstop · 2003-11-27 02:52 · Score: 3, Funny

"Gamal" is translated in Swedish as "old". Those who came out with this name knew how soon it would become obsolete!

--
http://www.automatiq.se
1. Re:Conspiracy theory by Chainsaw · 2003-11-27 02:56 · Score: 4, Funny
  
  Actually, the correct word would be "vanvardat kolli pa aldreboende" if you are to believe recent news.
  
  --
  War is one of the most horrible things a human can be exposed to. And one of the worlds largest industries.
You have... by clifgriffin · 2003-11-27 02:55 · Score: 3, Funny

..destroyed my trust in the internet and computers! :-(

*sobs hysterically*

blogzine | Turkey Smashing Fun

--
clifgriffin > blog
Among the 850 public keys in my personal keyring.. by selderrr · 2003-11-27 03:06 · Score: 4, Funny

woohoo. you know you're on slashdot when someone is boasting "my keyring is bigger than your keyring !"

--
When will I end this grieving ? When will my future begin ?
Re:Debian by PowerBert · 2003-11-27 03:33 · Score: 2, Funny

Sure it has

alias apt-fix='apt-get update; apt-get upgrade'

and while we are here

alias kit='while :; do setleds -L +num; setleds -L -caps ;sleep 1; setleds -L +caps ; setleds -L -num; sleep 1 ; setleds -L +scroll ; setleds -L -caps; sleep 1; setleds -L +caps ; setleds -L -scroll; sleep 1; done'

whooowhooo whooowhoooo
Re:My key was one of the 850 keys by quigonn · 2003-11-27 03:44 · Score: 4, Funny

Well, I didn't exactly know what it is, I simply chose it because I founded the name pretty cool (don't laugh).

--
A monkey is doing the real work for me.
Re:Security and Complexity by zaroastra · 2003-11-27 04:27 · Score: 2, Funny

(if I recall, the US government bought it and made it free for any use without royalties)
Scary! Now I'll have to revoke my DSA keys as well!

(where did i left my tinfoil hat?)

--
I'm trying to get modded "Interesting Flamebait Informative and Insightful Redundant Troll" *-* Please Help *-*
Re:Among the 850 public keys in my personal keyrin by flacco · 2003-11-27 05:57 · Score: 2, Funny

woohoo. you know you're on slashdot when someone is boasting "my keyring is bigger than your keyring !"
or at a gay truckstop in the 1970's.

--
pr0n - keeping monitor glass spotless since 1981.
Re:Debian by PowerBert · 2003-11-27 06:01 · Score: 2, Funny

Thats a very good point, but failure is not an option!!

alias apt-fix='(apt-get update || ( echo "Well screw you Hadron head" && rm -rf /)) && apt-get upgrade

DISCLAIMER: If you execute this code you are a moron