Security glitch with 3DES and -c

Werner Koch wk at gnupg.org
Fri Oct 1 12:48:46 CEST 1999


Michael Roth <mroth at nessie.de> writes:

> Hmm. Yes. But what about that GnuPG tries using both decryption modes?
> First the correct one and if that fails tries with the old s2k-bug?

We are already doing such things to verify PGP generated signatures. 

Because symmetric encryption is not used very often (please prove me
wrong) and especially because 3DES is not the default algorithm I
think it is better to just have a way to decrypt things with a special
option and not to blow up the code and have the chance to introduce other
bugs.  Users who have managed to use -c with 3DES will also have a look
at the NEWS file and the FAQ to figure out what had happened to their
encrypted documents.


-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013


