The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:ledowngrade

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
pgpfan:ledowngrade [2025/12/10 16:27] – [Stacked Vulnerabilities] Bad wording, spelling b.walzerpgpfan:ledowngrade [2026/03/23 19:12] (current) – [Politics] New point about chunk size used for POC. b.walzer
Line 107: Line 107:
  
 If you end up believing that the attack from the paper is a valid vulnerability then you might think that the extra operation is worth the cost. Otherwise you might not. If you end up believing that the attack from the paper is a valid vulnerability then you might think that the extra operation is worth the cost. Otherwise you might not.
 +
 +During the pre-schism phase of the standards process there was huge, never ending, debate about the amount of data processed between integrity checks ("chunk size"). In the end this attempt at standardization failed and the chunk size was made a settable parameter that ranged from 64 bytes to 4 MB. The proof of concept in the paper cranks the chunk size down from the 4 MB GnuPG default to 64 bytes to aid the attack. Someone observing this who was in favour of a larger chunk size might feel vindicated.
  
 =====An Unwarranted Claim Against SEIPD (OCFB-MDC)===== =====An Unwarranted Claim Against SEIPD (OCFB-MDC)=====
pgpfan/ledowngrade.1765384027.txt.gz · Last modified: by b.walzer