A fatal flaw in PGP 6.0

Lutz Donnerhacke lutz at taranis.iks-jena.de
Tue Feb 3 12:08:28 PST 1998

* Anonymous wrote:
>>Unable to find key "ghost at nsa.gov"
>>Please obtain a new key from Network associates.

>Anyone like to confirm this?

No the key requested is 'snoop at microsoft.com'.

But the ROT13 encoding is true even for PGP5. If you move or rename the
randseed.bin to an other location (i.E. to install pgp2.6.3(i)n and pgp5
simultanusly) the file will be modified, but all encrypted messages have the
same session key.

On the other hand pgp5 does not confirm the OpenPGP draft. A converter can
be found at ftp://ftp.iks-jena.de/pub/mitarb/lutz/crypt/software/pgp/OpenPGP/

More information about the Testlist mailing list