The Call of the Open Sidewalk

From a place slightly to the side of the more popular path

User Tools

Site Tools

pgpfan:tpp

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revisionBoth sides next revision
pgpfan:tpp [2022/05/12 12:14] – More detail from better understanding. b.walzerpgpfan:tpp [2022/05/13 16:21] – More relevant to the issue. b.walzer
Line 117: Line 117:
 >Trevor Perrin worked the SEIP out to 16 whole bits of security. >Trevor Perrin worked the SEIP out to 16 whole bits of security.
  
-If you read the linked mailing list thread you will discover that this statement is quite misleading. Trevor Perrin was discussing a particular attack on the MDC which at one point required guessing with only a one in 2^16 (65536) chance of getting the guess rightAfter some further discussion that attack turned out to be completely impracticalThe discussion eventually ended with Trevor Perrin proposing a wildly impractical attack with the included comment: [[https://mailarchive.ietf.org/arch/msg/openpgp/IGk9eq5QkSsXGLIa7Z9P1Qhd_Qg/|"There's a lot of caveats to this attack, so it's probably not +This was wrong, but it was not Trevor Perrin's error. It turned out that the specification was wrong. Trevor Perrin was insightful enough to notice that the system described in the specification was vulnerable to this particular attackThe specification was corrected to what the implementations were actually doing and the vulnerability went awayThis discussion was from the IETF OpenPGP standard mailing list(([[https://mailarchive.ietf.org/arch/msg/openpgp/UYEBC7hnZNbMoNWrfz9zJQb_FUk/|The ITEF OpenPGP discussion thread about the security properties of the MDC.]])). If any actual MDC weaknesses had come from the discussion then they would of been resolved at that time. There is no reason to think that there is anything wrong with the MDC. This discussion was part of the process intended to ensure that the MDC is secure.
-anything to seriously worry about:"]]. This discussion was from the IETF OpenPGP standard mailing list. If any actual MDC weaknesses had come from the discussion then they would of been resolved at that time. There is no reason to think that the MDC is insecure. This discussion was part of the process intended to ensure that it is secure.+
  
 >And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match. >And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match.
pgpfan/tpp.txt · Last modified: 2024/05/02 13:39 by b.walzer