I’m reading the man page and looking for the place where GPG instructs users not to render plaintext if an MDC isn’t present on a message. Can someone help me find it?
Replying to @tqbf
Hmm, I think I'm on team client bugs. I know about gpg message modification, and have found attacks before (e.g. CVE-2006-0049). If client is not waiting for the DECRYPTION_OKAY status-fd message, that seems clearly client bug to me?
there's no need to pick a team. it's pretty clear there are both client bugs and crypto bugs involved. As I tweeted elsewhere you can literally read up the definition of authenticated encryption to see this is a wrong API for an AE. https://cseweb.ucsd.edu/~mihir/papers/oem.html
It's a low-level api that by necessity exposes legacy design choices. Given those constraints, I happen to think they've done okay. gpgme wraps it and provides a modern api for clients to use, and that (of course) handles status messages correctly.
I'm not a pgp cheerleader, this just seems like complaining that if you use the bn routines directly rather than x509_verify_cert(), clients could get it wrong. That would be true, but I'm not convinced it would be OpenSSL's fault?
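The client-side check this thread argues about, holding gpg's output until the status-fd stream reports DECRYPTION_OKAY, sketched as an added example that is not part of the thread and is not GnuPG or gpgme code. The function names are hypothetical, the status streams are constructed samples, and additionally requiring GOODMDC is a stricter policy chosen for this example.

```python
PREFIX = "[GNUPG:] "

class IntegrityError(Exception):
    """The status stream does not prove an authenticated decryption."""

def status_keywords(status_text):
    """Return the status keywords in order, ignoring non-status lines."""
    keywords = []
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                keywords.append(fields[0])
    return keywords

def check_status(status_text):
    """Return (ok, reason) after reading the complete status stream."""
    seen = set(status_keywords(status_text))
    failed = sorted(seen & {"BADMDC", "DECRYPTION_FAILED"})
    if failed:
        return False, "gpg reported " + ", ".join(failed)
    # Assumption of this example: demand GOODMDC as well as DECRYPTION_OKAY.
    missing = sorted({"DECRYPTION_OKAY", "GOODMDC"} - seen)
    if missing:
        return False, "missing " + ", ".join(missing)
    return True, "ok"

def release_plaintext(status_text, buffered_plaintext):
    """Hand buffered output to the renderer only if the status check passes."""
    ok, reason = check_status(status_text)
    if not ok:
        raise IntegrityError(reason)
    return buffered_plaintext

# Constructed status streams (not captured from a real gpg run).
GOOD = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 0 
[GNUPG:] GOODMDC
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""
TAMPERED = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 0 
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""
NO_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] PLAINTEXT 62 0 
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""
```

In the tampered sample the PLAINTEXT line appears before BADMDC, which is why the output has to be buffered and the verdict taken only after the whole stream has been read.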