On 23-01-2022 21:23, Robert J. Hansen via Gnupg-users wrote: > No, the whole CSPRNG is (probably) compromised. PGP 2.6.3 used keyboard > interrupts harvested directly from the hardware to get a collection of > random bits which it then fed into the CSPRNG to be expanded out into a > large quantity of randomish bits.
Is this also used when generating symmetric keys? Or only used by secret key generation? If the last is the case, then existing keys generated on DOS (or Linux?) might be safe (apart from a possibly short key length). BTW, I remember I compiled 2.6.3ia with Visual Studio 5 on windows 95 and that was easy (just put all C files in a new project and build it). The added advantage was that I got long filename support without any code changes. I assume that it would work the same for the multi versions although I never tried, none of my contacts used those. -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users