I’m reading the man page and looking for the place where GPG instructs users not to render plaintext if an MDC isn’t present on a message. Can someone help me find it?
-
-
The lowest-level decryption API should never return the plaintext if the authentication tag fails. The opportunity to pass plaintext along should almost never be an option.
-
So, for example, you consider it a vulnerability that you can use internal BIO routines to extract plaintext from objects in OpenSSL? That is a very high bar, I think I disagree. I think it's okay to assume clients use the documented apis and don't poke internals.

- 12 more replies
New conversation -
-
-
It’s pretty close to that, yes. This isn’t a fringe position. The job of AEAD crypto is to treat unauthenticated plaintext like hazmat.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
