pgpfan:tpp
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
pgpfan:tpp [2022/05/13 16:21] – More relevant to the issue. b.walzer | pgpfan:tpp [2022/06/06 19:02] – Clearer wording. b.walzer | ||
---|---|---|---|
Line 103: | Line 103: | ||
>The PGP MDC can be stripped off messages –– it was encoded in such a way that you can simply chop off the last 22 bytes of the ciphertext to do that. | >The PGP MDC can be stripped off messages –– it was encoded in such a way that you can simply chop off the last 22 bytes of the ciphertext to do that. | ||
- | This is true. It just means that a missing | + | Well, sure, you could do that. An implementation would probably |
>To retain backwards compatibility with insecure older messages, PGP introduced a new packet type to signal that the MDC needs to be validated; if you use the wrong type, the MDC doesn’t get checked. | >To retain backwards compatibility with insecure older messages, PGP introduced a new packet type to signal that the MDC needs to be validated; if you use the wrong type, the MDC doesn’t get checked. | ||
- | That's just a different implication of the fact that MDCs can be stripped. | + | An application |
>Even if you do, the new SEIP packet format is close enough to the insecure SE format that you can potentially trick readers into downgrading; | >Even if you do, the new SEIP packet format is close enough to the insecure SE format that you can potentially trick readers into downgrading; | ||
- | Which would mean that the MDC was not mandatory where required. Yet another implication | + | We have a problem here. The juxtaposition |
- | + | ||
- | The author again mentions | + | |
>Trevor Perrin worked the SEIP out to 16 whole bits of security. | >Trevor Perrin worked the SEIP out to 16 whole bits of security. |
pgpfan/tpp.txt · Last modified: 2023/12/19 13:21 by b.walzer