diff --git a/g10/ChangeLog b/g10/ChangeLog
index 897836191..849e6931a 100644
--- a/g10/ChangeLog
+++ b/g10/ChangeLog
@@ -1,3 +1,9 @@
+2003-12-15 Werner Koch
+
+ * seckey-cert.c (protect_secret_key): Use gry_create_nonce for the
+ IV; there is not need for real strong random here and it even
+ better protect the random bits used for the key.
+
 2003-11-16 Moritz Schulte
 
 * signal.c: Removed unused file.
diff --git a/g10/seckey-cert.c b/g10/seckey-cert.c
index 5b0238240..7356cb224 100644
--- a/g10/seckey-cert.c
+++ b/g10/seckey-cert.c
@@ -346,8 +346,7 @@ protect_secret_key( PKT_secret_key *sk, DEK *dek )
 assert( sk->protect.ivlen <= DIM(sk->protect.iv) );
 if( sk->protect.ivlen != 8 && sk->protect.ivlen != 16 )
 BUG(); /* yes, we are very careful */
- gcry_randomize (sk->protect.iv, sk->protect.ivlen,
- GCRY_STRONG_RANDOM);
+ gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);
 gcry_cipher_setiv( cipher_hd, sk->protect.iv, sk->protect.ivlen );
 if( sk->version >= 4 ) {
 unsigned char *bufarr[PUBKEY_MAX_NSKEY];
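Review bot: The new `gcry_create_nonce (sk->protect.iv, sk->protect.ivlen);` call in protect_secret_key has no comment explaining why a nonce-grade generator is enough for this IV, so the reasoning exists only in the ChangeLog and a later reader may "restore" strong randomness or, worse, copy the pattern for key material. I would add a comment above the call such as `/* The IV only has to be fresh for each protection run and is presumably stored unencrypted with the key, so a nonce is enough; strong random stays reserved for key material. */`, adjusting the storage claim to whatever the packet writer actually does. The ChangeLog entry also spells the function `gry_create_nonce`, which will defeat a grep for `gcry_create_nonce` when someone audits where nonces replaced strong random. The body of protect_secret_key starts and ends outside this hunk, so whether any other random value in the function (for example an S2K salt) should follow the same rule cannot be judged from here.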