Serious problem with detached sigs
Ulf Möller
ulf at fitug.de
Wed Nov 29 17:06:39 CET 2000
On Wed, Nov 29, 2000 at 06:20:45PM -0800, Dale Harris wrote:
> I thought there always was some sort of checksum being done on a file instead
> of just a signature. Is that not the case?
An OpenPGP signature involves a hash (i.e. a sort of checksum). But in
the attack that Rene Puls described, GnuPG computes the hash of the
second message and ignores the first one.