[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

Libgcrypt/GnuPG RNG CVE

Serious GPG RNG 18 year bug discovered.

Damage seems limited at this point with no need to revoke keys. However this is a “brown paper bag” level advisory.

https://phoronix.com/scan.php?page=news_item&px=GnuPG-Critical-Security-Issue

http://lists.gnu.org/archive/html/info-gnu/2016-08/msg00008.html

CVE-2016-6316


Really goes to show that you must only trust widely studied crypto implementations and keep your fingers crossed that nothing terrible is lurking somewhere in the code-base.

1 Like
[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]