I’m reading the man page and looking for the place where GPG instructs users not to render plaintext if an MDC isn’t present on a message. Can someone help me find it?
-
-
There a whole long annoying debates in AEAD proposal discussions about the exact right way to avoid exactly this property.
-
Presenting unauthenticated plaintext to callers is itself a vulnerability, intrinsically, no matter what you print afterwards.
- 17 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
