libgcrypt's RSA-1024 and RSA-2048 broken

5 Jul 2017


      http://thehackernews.com/2017/07/gnupg-libgcrypt-rsa-encryption.html?utm_sou...
I believe most deployments of GnuTLS now use nettle instead of libgcrypt. But 
if you're on an older Debian or Ubuntu, using their packaged OpenLDAP built 
with GnuTLS, you should check what version of GnuTLS and libgcrypt you're using.
And you should seriously consider not using their package; rebuild from source 
with OpenSSL or get a package from LTB or Symas.
-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

libgcrypt's RSA-1024 and RSA-2048 broken