Security Flaw in OpenPGP Key Format

[24 Mar 2001] A Czech information security firm has found a security flaw in the OpenPGP key format, as used by PGP, GnuPG and other PGP implemenations. The flaw makes it possible for attackers to forge a PGP signature if they can get hold of your private key, even if they don't know the pass phrase.

For more information on this problem, see

• Wired News article [http://www.wired.com/news/print/0,1294,42553,00.html]
  
• press release [http://www.i.cz/en/onas/tisk4.html]
  
• technical paper [http://www.i.cz/en/pdf/openPGP_attack_ENGvktr.pdf]