pgpfan:tpp
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
pgpfan:tpp [2022/05/12 12:14] – More detail from better understanding. b.walzer | pgpfan:tpp [2022/05/29 00:35] – I implicitly agreed with a incorrect statement. I need to fix that. b.walzer | ||
---|---|---|---|
Line 103: | Line 103: | ||
>The PGP MDC can be stripped off messages –– it was encoded in such a way that you can simply chop off the last 22 bytes of the ciphertext to do that. | >The PGP MDC can be stripped off messages –– it was encoded in such a way that you can simply chop off the last 22 bytes of the ciphertext to do that. | ||
- | This is true. It just means that a missing | + | Well, sure, you could do that. An implementation would probably end with some sort of end of file/ |
>To retain backwards compatibility with insecure older messages, PGP introduced a new packet type to signal that the MDC needs to be validated; if you use the wrong type, the MDC doesn’t get checked. | >To retain backwards compatibility with insecure older messages, PGP introduced a new packet type to signal that the MDC needs to be validated; if you use the wrong type, the MDC doesn’t get checked. | ||
- | That's just a different implication of the fact that MDCs can be stripped. | + | An application |
>Even if you do, the new SEIP packet format is close enough to the insecure SE format that you can potentially trick readers into downgrading; | >Even if you do, the new SEIP packet format is close enough to the insecure SE format that you can potentially trick readers into downgrading; | ||
- | Which would mean that the MDC was not mandatory where required. Yet another implication | + | We have a problem here. The juxtaposition |
- | + | ||
- | The author again mentions | + | |
>Trevor Perrin worked the SEIP out to 16 whole bits of security. | >Trevor Perrin worked the SEIP out to 16 whole bits of security. | ||
- | If you read the linked mailing list thread you will discover | + | This was wrong, but it was not Trevor Perrin' |
- | anything to seriously worry about:" | + | |
>And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match. | >And, finally, even if everything goes right, the reference PGP implementation will (wait for it) release unauthenticated plaintext to callers, even if the MDC doesn’t match. |
pgpfan/tpp.txt · Last modified: 2024/05/02 13:39 by b.walzer