When generating the key-pair with Re: pgp263iamulti06, the "randomness" is obtained by user's keyboard input. Is it then that the above applies only when the session key is generated?
No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard interrupts harvested directly from the hardware to get a collection of random bits which it then fed into the CSPRNG to be expanded out into a large quantity of randomish bits. It's just that when generating a new certificate it always replenished the CSPRNG's entropy -- when generating traffic it didn't, but the CSPRNG was still dependent on the randomness collected earlier.
On Windows, you no longer have this direct access to hardware and there's almost certainly some determinism introduced by the HAL.
the command-line build tools were still available). So is the same (i.e., a problematic source of randomness when generating the session key) likely to be the case compiling/running 2.6.3iamulti06 under Linux today?
I wouldn't say "almost definitely" the way I do for DOS, but I'd still say I'd find it a disturbing possibility I'd want to investigate and rule out before I used PGP 2.6.3 in a UNIX environment.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
