The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools


pgpfan:cipherfeedback

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
pgpfan:cipherfeedback [2022/04/30 20:07] – Visual aid. Some elaboration and tinkering. b.walzerpgpfan:cipherfeedback [2022/05/09 17:05] (current) – Clearer b.walzer
Line 32: Line 32:
 OpenPGP has multiple implementations in common use. So a user of OpenPGP can be sure of CFB protection. The user of a system that merely checks for modification can not be entirely sure that the check is currently protective. Message modification is very rare. A broken check might not be noticed for a long time. OpenPGP has multiple implementations in common use. So a user of OpenPGP can be sure of CFB protection. The user of a system that merely checks for modification can not be entirely sure that the check is currently protective. Message modification is very rare. A broken check might not be noticed for a long time.
  
-The [[https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|EFAIL]] vulnerability is an excellent example of this. It involved the modification of OpenPGP formatted messages. It turned out that some email clients were sending these modified messages to an an interpreter that leaked data (HTML) after decrypting them. The clients in question were ignoring the OpenPGP provided modification check ([[pgpfan:mdc)|MDC]]). CFB contributed significantly to the difficulty and impracticality of the attack.+The [[https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-poddebniak.pdf|EFAIL]] vulnerability is an excellent example of this. It involved the modification of OpenPGP formatted messages. It turned out that some email clients were sending these modified messages to an an interpreter that leaked data (HTML) after decrypting them. The clients in question were ignoring the warning from the OpenPGP provided modification detection check ([[pgpfan:mdc)|MDC]]). CFB contributed significantly to the difficulty and impracticality of the attack.
  
pgpfan/cipherfeedback.1651349279.txt.gz · Last modified: 2022/04/30 20:07 by b.walzer