gnupg -- attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output

2016-08-17T00:00:00
ID E1C71D8D-64D9-11E6-B38A-25A46B33F2ED
Type freebsd
Reporter FreeBSD
Modified 2016-11-30T00:00:00

Description

Werner Koch reports:

There was a bug in the mixing functions of Libgcrypt's random number generator: An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output. This bug has existed since 1998 in all GnuPG and Libgcrypt versions.
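The numbers in the report line up with Libgcrypt's pool layout: 4640 + 160 = 4800 bits is the 600-byte pool, mixed in place as thirty 20-byte SHA-1 blocks, and the last block is the one an attacker can compute. The toy model below is an added illustration by the editor, not code from this advisory or from Libgcrypt; the specific mechanism it assumes (the 44-byte hash window for each block starting one block too late, so that for the final block it wraps onto blocks already rewritten in the same pass and never covers the old last block) is the editor's reading of the upstream fix and is not stated on this page. The seed pool is constructed input.

```python
import hashlib
import os

POOL_BYTES = 600                 # Libgcrypt pool size: 4640 + 160 = 4800 bits
DIGEST = 20                      # SHA-1 output length, one pool block
WINDOW = 64 - DIGEST             # 44 pool bytes hashed after the previous digest
NBLOCKS = POOL_BYTES // DIGEST   # 30 blocks


def _window(pool: bytearray, start: int) -> bytes:
    """44 pool bytes starting at `start`, wrapping around at the pool end."""
    return bytes(pool[(start + k) % POOL_BYTES] for k in range(WINDOW))


def mix_pool(pool: bytes, window_offset: int) -> bytes:
    """Gutmann-style in-place mixing (toy model, not Libgcrypt's code).

    Block i is replaced by SHA-1(new block i-1 || 44 pool bytes), where the
    44-byte window starts at block i plus `window_offset`.  Block 0 chains
    from the old last block and always uses the window at offset 0.
    window_offset=0 models the corrected behaviour; window_offset=DIGEST
    models the assumed flaw: the window skips the current block, so for the
    last block it wraps onto bytes that were already rewritten in this pass.
    """
    if len(pool) != POOL_BYTES:
        raise ValueError("pool must be exactly %d bytes" % POOL_BYTES)
    pool = bytearray(pool)
    prev = bytes(pool[-DIGEST:])            # old last block seeds the chain
    for i in range(NBLOCKS):
        pos = i * DIGEST
        start = pos if i == 0 else pos + window_offset
        digest = hashlib.sha1(prev + _window(pool, start)).digest()
        pool[pos:pos + DIGEST] = digest     # overwrite in place, as the real pool is
        prev = digest
    return bytes(pool)


def predict_last_block(observed: bytes) -> bytes:
    """Attacker's view: recompute block 29 from the first 580 output bytes only.

    Under the assumed flaw, block 29 = SHA-1(new block 28 || new bytes 0..43),
    and every byte on the right-hand side is already in the attacker's hands.
    """
    if len(observed) != POOL_BYTES - DIGEST:
        raise ValueError("need exactly %d observed bytes" % (POOL_BYTES - DIGEST))
    prev = observed[-DIGEST:]               # new block 28
    wrapped = observed[:WINDOW]             # new blocks 0, 1 and 4 bytes of block 2
    return hashlib.sha1(prev + wrapped).digest()


def demo(seed=None):
    """Return (predictable_with_flaw, predictable_after_fix) for one mixing pass."""
    seed = seed if seed is not None else os.urandom(POOL_BYTES)   # constructed pool state
    flawed = mix_pool(seed, DIGEST)
    fixed = mix_pool(seed, 0)
    leak_flawed = predict_last_block(flawed[:-DIGEST]) == flawed[-DIGEST:]
    leak_fixed = predict_last_block(fixed[:-DIGEST]) == fixed[-DIGEST:]
    return leak_flawed, leak_fixed


if __name__ == "__main__":
    flawed_ok, fixed_ok = demo()
    print("last 160 bits predictable from the preceding 4640 (assumed flaw):", flawed_ok)
    print("last 160 bits predictable after the fix:", fixed_ok)
```

The point the model makes concrete is that "trivially predict" means no brute force at all: the attacker simply reruns one SHA-1 compression over bytes the RNG has already handed out. With the window corrected, the final block's input includes the old (never output) last block, and the same recomputation fails.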