+ An attacker who obtains 580 bytes of the random number from the standard
+ RNG can trivially predict the next 20 bytes of output.
+
+
+ This flaw does not affect the default generation of keys, because
+ running gpg for key creation creates at most 2 keys from the pool. For a
+ single 4096 bit RSA key, 512 bytes of random are required and thus for
+ the second key (encryption subkey), 20 bytes could be predicted from the
+ the first key.
+
+
+ However, the security of an OpenPGP key depends on the primary key
+ (which was generated first) and thus the 20 predictable bytes should not
+ be a problem. For the default key length of 2048 bit nothing will be
+ predictable.
+
+
+