Differences

This shows you the differences between two versions of the page.

--- pgpfan:tpp [2022/01/28 13:46] – punctuation. b.walzer
+++ pgpfan:tpp [2022/05/12 12:14] – More detail from better understanding. b.walzer
@@ Line 117: / Line 117: @@
 >Trevor Perrin worked the SEIP out to 16 whole bits of security.
-If you read the linked mailing list thread you will discover that this statement is quite misleading. Trevor Perrin was discussing an attack on MDC which at one point required guessing with only a one in 2^16 (65536) chance of getting the guess right. In the end he concluded [[https://mailarchive.ietf.org/arch/msg/openpgp/IGk9eq5QkSsXGLIa7Z9P1Qhd_Qg/|"There's a lot of caveats to this attack, so it's probably not
+If you read the linked mailing list thread you will discover that this statement is quite misleading. Trevor Perrin was discussing a particular attack on the MDC which at one point required guessing with only a one in 2^16 (65536) chance of getting the guess right. After some further discussion that attack turned out to be completely impractical. The discussion eventually ended with Trevor Perrin proposing a wildly impractical attack with the included comment: [[https://mailarchive.ietf.org/arch/msg/openpgp/IGk9eq5QkSsXGLIa7Z9P1Qhd_Qg/|"There's a lot of caveats to this attack, so it's probably not
-anything to seriously worry about:"]].
+anything to seriously worry about:"]]. This discussion was from the IETF OpenPGP standard mailing list. If any actual MDC weaknesses had come from the discussion then they would of been resolved at that time. There is no reason to think that the MDC is insecure. This discussion was part of the process intended to ensure that it is secure.
 >And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match.