Re: Stupid hash question?

ietf-openpgp

Re: Stupid hash question?

2005-05-31 05:55:23


On Tue, 31 May 2005 10:52:03 +0200 (CEST), Konrad Rosenbaum said:

However, these signatures are not worth anything, since they leak the key
and are easily forgable after the first signature. So bothering with


That is not correct.  They leak the key only when used with broken
software or when the key has been created with such software.  Certain
versions of GnuPG (1.0.2 - 1.3.3) were broken and thus one should
better assume that the key has been broken. See
http://lists.gnupg.org/pipermail/gnupg-announce/2003q4/000160.html for
details.


Salam-Shalom,

   Werner

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Stupid hash question?, (continued) Re: Stupid hash question?, Ben Laurie Re: Stupid hash question?, Peter Gutmann Re: Stupid hash question?, Ben Laurie Re: Stupid hash question?, Konrad Rosenbaum Re: Stupid hash question?, Ben Laurie Re: Stupid hash question?, Konrad Rosenbaum Re: Stupid hash question?, Ben Laurie Re: Stupid hash question?, Jon Callas Re: Stupid hash question?, Werner Koch Re: Stupid hash question?, Ian G Re: Stupid hash question?, Werner Koch <= Re: Stupid hash question?, "Hal Finney" Re: Stupid hash question?, Ben Laurie Re: Stupid hash question?, "Hal Finney"

Previous by Date:	Re: Stupid hash question?, Ian G
Next by Date:	Re: Problems with calculating signatures over keys, "Hal Finney"
Previous by Thread:	Re: Stupid hash question?, Ian G
Next by Thread:	Re: Stupid hash question?, "Hal Finney"
Indexes:	[Date] [Thread] [Top] [All Lists]