The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools


Modification Detection Code

Normally, when PGP is used for messaging a thing called a signature is used to detect any modifications made to the message while in transit. A signature can also be used to protect things like cloud stored backups from modification while the backup is out of the control of the people that made it. These messages and backups are usually also PGP encrypted but that step is optional.

You can also encrypt something without a signature. That might conceivably be done in a messaging context for an anonymous but private message. For something like a backup it might be done for the convenience of not having to keep a set of keys for the signature. An encrypted message can be modified either accidentally or purposefully. Encrypted but not signed messages/files are susceptible to such modifications and there would be no indication of that modification. That could be a serious problem in the case of something like a backup. The modification detection code (MDC) was added to PGP to detect such modification, mostly to cover the accidental modificaion case, but with the hope that it would make purposeful modification more difficult.

It was quickly pointed out that it could be removed entirely without any indication. In the PGP ecosystem a missing signature is treated as an invalid signature so this state of affairs is conceptually compatible with the primary check. If something or someone depends on the MDC then they have to treat a missing MDC code as a failure.

The MDC turned out to be surprisingly robust against attempts to forge it in a misleading way. There are attacks possible but they tend to be ridiculously impractical3). The MDC famously proved to be effective against the CFB gadget version of the EFAIL attack.

PGP FAN index

pgpfan/mdc.txt ยท Last modified: 2020/09/17 16:17 by b.walzer