Chapter 9. Bugs

(From the FAQ maintainer:) Note that this list needs to be updated; check the vendor's website for more current information in the meantime.

Q: Where do I send bug reports?
Q: What bugs have been found in PGP?

Q: Where do I send bug reports?

A: Bugs related to MIT PGP should be sent to pgp-bugs@mit.edu. Before reporting a bug, check the MIT PGP FAQ, which carries the complete bug list for MIT PGP, to make sure that the bug hasn't been reported already. If it is a serious bug, you should also post it to comp.security.pgp.announce or comp.security.pgp.tech. Serious bugs are bugs that affect the security of the program, not compile errors or small logic errors.

Post all of your bug reports concerning non-MIT versions of PGP to comp.security.pgp.tech, and forward a copy to me for possible inclusion in future releases of the FAQ. Please be aware that the authors of PGP might not acknowledge bug reports sent directly to them. Posting them on USENET will give them the widest possible distribution in the shortest amount of time.

Q: What bugs have been found in PGP?

A: The following list of bugs is limited to version 2.4 and later, and is limited to the most commonly seen and serious bugs. For bugs in earlier versions, refer to the documentation included with the program. If you find a bug not on this list, follow the procedure above for reporting it.

  • MIT PGP 2.6 had a bug in the key generation process which made keys generated by it much less random. Fixed in 2.6.1.

  • All versions of PGP except MIT PGP 2.6.2 are susceptible to a "buglet" in clearsigned messages, making it possible to add text to the beginning of a clearsigned message. The added text does not appear in the PGP output after the signature is checked. MIT PGP 2.6.2 now does not allow header lines before the text of a clearsigned message and enforces RFC 822 syntax on header lines before the signature. Since this bug appears at checking time, however, you should be aware of this bug even if you use MIT PGP 2.6.2 - the reader may check your signed message with a different version and not read the output.
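As an added illustration (not part of the FAQ), the following check applies the layout rule described for MIT PGP 2.6.2 to a clearsigned message: any line between the BEGIN line and the blank line that opens the signed text is reported, because older versions displayed such lines but left them out of the data the signature covers, and the armor headers of the signature block are checked for RFC 822 "Name: value" syntax. The header regex and the sample message are constructed here, not taken from PGP.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
# RFC 822-style armor header: a field name, a colon, then the value
# (assumed pattern for this check).
HEADER_RE = re.compile(r"^[!-9;-~]+: ?.*$")

def check_clearsigned(text):
    """Return a list of layout problems found in a clearsigned message.

    Nothing may sit between the BEGIN line and the blank line that starts
    the signed text, and each armor header in the signature block must be
    of the form 'Name: value'.
    """
    lines = text.splitlines()
    if BEGIN_MSG not in lines or BEGIN_SIG not in lines:
        return ["not a clearsigned message"]
    start = lines.index(BEGIN_MSG) + 1
    sig = lines.index(BEGIN_SIG)
    problems = []
    # Region 1: the header area before the signed text.
    try:
        blank = lines.index("", start, sig)
    except ValueError:
        return ["no blank line separating header area from signed text"]
    for line in lines[start:blank]:
        problems.append(f"unsigned text in header area: {line!r}")
    # Region 2: armor headers of the signature block, up to its blank line.
    try:
        sig_blank = lines.index("", sig + 1)
    except ValueError:
        return problems + ["signature block has no blank line after headers"]
    for line in lines[sig + 1:sig_blank]:
        if not HEADER_RE.match(line):
            problems.append(f"malformed armor header in signature: {line!r}")
    return problems

# Constructed sample: one line sits in the header area. A pre-2.6.2
# checker would display it yet still report the signature as good.
SMUGGLED = """-----BEGIN PGP SIGNED MESSAGE-----
Please send payment to the new account number below.

The invoice is settled; no further action is needed.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.1

(signature data omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""

if __name__ == "__main__":
    for problem in check_clearsigned(SMUGGLED):
        print(problem)
```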

  • MIT PGP 2.6.1 was supposed to handle keys between 1024 and 2048 bits in length, but could not. Fixed in 2.6.2.

  • MIT PGP 2.6.2 was supposed to enable the generation of keys up to 2048 bits after December 25, 1994; an off-by-one bug puts that upper limit at 2047 bits instead. It has been reported that this problem does not appear when MIT PGP is compiled under certain implementations of Unix. The problem is fixed in versions 2.7.1 and 2.6.2i, as well as the Mac versions.

  • PGP 2.6ui continues to exhibit the bug in 2.3a where conventionally encrypted messages, when encrypted twice with the same pass phrase, produce the same ciphertext.

  • The initial release of PGP 2.6.2i contained a bug related to clearsigned messages; signed messages containing international characters would always fail. For that reason, it was immediately pulled from distribution and re-released later, minus the bug. If you have problems with 2.6.2i, make sure you downloaded your copy after 7 May 1995.

  • As reported by Steven Markowitz, the following bugs exist in PGP 4.0 Business Edition (the commercial version):

    1. Signature retirement does not work. When I retire a key signature, PGP still treats the key as signed. If I remove the signature from pubring.pgp, but leave the retirement certificate in the keyring, PGP still treats the key as signed.

    2. Although encrypt-only keys cannot be used to sign documents, PGP allows them to be used to make key signatures.
  • The international version of PGP has the undocumented +makerandom command, which can generate a file full of random data. Unfortunately, it does not work as intended, because the random number generator is not initialized properly. This does not affect normal PGP operation; the bug is only present when +makerandom is used.