On 04-08-2011 16:14, ved...@nym.hush.com wrote:

> All that is necessary, is to use pre-canned primes,
> (i.e. to generate a prime which falls within a range of primes
> stored in an offsite area by the implementation.)
This would be far too easily noticed by inspecting the source code. If you just limited the generation of primes to Mersenne (2^n - 1) or Fermat numbers (2^n + 1) with a very limited range of n, decryption would still be easy but it would not be so easily noticed. An even more subtle way to add a backdoor would be tampering with the RNG that creates the session keys and the factors in key generation. A bug such as this existed in the Unix version of PGP 5.0 and it took quite some time before it was found.

-- 
Kind regards,

Johan Wevers

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
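As an added illustration (not code from this thread or from GnuPG), here is a key-audit check a defender could run over a freshly generated RSA modulus to catch the two backdoor shapes discussed above: a factor drawn from a hidden pre-canned table, and a factor of the form 2^n - 1 or 2^n + 1 with a small n. The canned table, the exponent bound and the test moduli are constructed values, and the gcd test is deliberately independent of whether 2^n +/- 1 is itself prime.

```python
from math import gcd
from typing import List, Optional, Tuple

# Constructed "pre-canned" table standing in for the hidden list the quoted
# message describes; a real audit would load the implementation's own table.
CANNED_PRIMES: List[int] = [1000003, 1000033, 1000037, 1000039]


def shares_canned_prime(n: int, canned: List[int] = CANNED_PRIMES) -> Optional[int]:
    """Return the first canned prime that divides the modulus n, or None."""
    for p in canned:
        if n % p == 0:
            return p
    return None


def find_structured_factor(n: int, max_exp: int = 4096) -> Optional[Tuple[int, int]]:
    """Return (factor, e) if n shares a factor with 2**e - 1 or 2**e + 1 for
    some 2 <= e <= max_exp, else None.

    gcd rather than exact division is used on purpose: a prime p dividing
    2**a - 1 also divides 2**(k*a) - 1, so the check does not depend on the
    candidate 2**e +/- 1 being prime, and it still reports p, not the candidate.
    """
    for e in range(2, max_exp + 1):
        for cand in (2 ** e - 1, 2 ** e + 1):
            g = gcd(n, cand)
            if g > 1:
                return g, e
    return None


def audit_modulus(n: int, max_exp: int = 4096) -> List[str]:
    """Collect human-readable findings for one RSA modulus; empty means clean."""
    findings: List[str] = []
    p = shares_canned_prime(n)
    if p is not None:
        findings.append(f"modulus divisible by pre-canned prime {p}")
    hit = find_structured_factor(n, max_exp)
    if hit is not None:
        g, e = hit
        findings.append(f"modulus shares factor {g} with 2^{e} +/- 1")
    return findings


if __name__ == "__main__":
    # Constructed weak modulus: the product of the Mersenne primes M31 and M61.
    weak = (2 ** 31 - 1) * (2 ** 61 - 1)
    print(audit_modulus(weak))
```

The clean-case test below uses 167 and 179, safe primes whose 2-orders exceed 64, so no candidate up to 2^64 +/- 1 can share a factor with them.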