Debian Linux Security Advisory 3649-1 – Felix Doerre and Vladimir Klebanov from the Karlsruhe Institute of Technology discovered a flaw in the mixing functions of GnuPG’s random number generator. An attacker who obtains 4640 bits from the RNG can trivially predict the next 160 bits of output.