Hello, welcome to the Monday, August 22nd, 2016 edition, Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and the Am recording from Jacksonville, Florida.

The Knew Privacy Guarder, Knew P project, fixed a buck in the way it is.

Random numbers to create keys.

Random numbers for key creation has always been sort of an detail of a lot of these encryption algorithms.

This bug apparently wasn't a software for 18 years.

What it means in a little bit more practical terms is that if an attacker can observe 4,640 bits of random numbers from the

PGP random number generator, then they can guess the next 160 bits.

So essentially these random number generators aren't really all that random. Now what does this mean for actual

practical weaknesses in PGP or better KnewPG? Well, where it really matters is the creation.

So one possible advice here is you to recreate your GPG keys with more recent versions.

However, the developers of Knoopi advise against a hasty replacement of your keys, first of all, this does not affect RSA keys.

So only DSA and El Jamal keys are actually affected by

this vulnerability. And secondly, in order to exploit the vulnerability, the attacker would

have to have access to 4,640 bits off your random generator right before you created your keys.

So I don't really see a practically attack scenario here, but again, it's best practice to occasionally

expire your PGP keys. So maybe do it over the next couple of months as you find

the time to do so correctly. Make

sure you are using a system that has been patched, of course. The update was released on August

17th. It has been heavily discussed in the news that VickyLeaks published some large unfiltered email dumps recently.

If you are looking through these emails to explore what was being published here, be aware

that since these emails haven't been filtered, they also include the usual set of malicious emails that you tend to find in any kind of inbox.

...