no error returns when a wrong key/iv is used for decrypting
Werner Koch
wk at gnupg.org
Fri Feb 18 08:59:43 CET 2011
On Fri, 18 Feb 2011 02:24, nmav at gnutls.org said:
> This is ok if a quick verification is required, but if malicious
> parties are expected, then this method is dangerous. That is because
It all depends on how you employ it. We all know that providing an
oracle can be dangereous. In OpenPGP this is not the case given that it
is properly implemented. See the OpenPGP WG archives from 1998 or so
for lengthly discussions on this topic.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gcrypt-devel
mailing list