Slashdot Mirror


GnuPG's ElGamal Signing Keys Compromised

KjetilK writes "Werner Koch just sent an announcement saying that there is a severe bug in GnuPG >= 1.0.2 that makes it easy to compromise ElGamal keys used for signing. Note that such keys are not generated by GnuPG's standard setup, and should be relatively rare. Among the 850 public keys in my personal keyring, there was only one such public key (and a few subkeys). There is already a patch available to disable these keys."

2 of 144 comments

  1. Re:Security and Complexity by black+mariah · Score: 1, Troll

    The difference being that it would take MS 6 months to release a patch, and even then most sysadmins wouldn't apply it.

    --
    'Standards' in computing only impress those who are impressed by things like 'standards'.
  2. open source in crisis? by Anonymous Coward · Score: 1, Troll

    Does this constitute a crisis in open source? I'm always advocating open source software with my employer and one of the biggest selling points is security.

    With this news, and the whole Debian security fiasco, this argument is getting more difficult to make.