Libgcrypt/GnuPG RNG CVE

Serious GPG RNG 18 year bug discovered.

Damage seems limited at this point with no need to revoke keys. However this is a “brown paper bag” level advisory.


Really goes to show that you must only trust widely studied crypto implementations and keep your fingers crossed that nothing terrible is lurking somewhere in the code-base.

1 Like