MDC and GnuPG as a filter
David Shaw
dshaw@jabberwocky.com
Mon Aug 12 16:25:02 2002
On Mon, Aug 12, 2002 at 03:59:06PM +0200, Florian Weimer wrote:
> It looks as if an application should start processing the decrypted
> data only after the MDC packet has been verified. (Have a look at
> this paper: http://www.counterpane.com/pgp-attack.html -- most of you
> probably know it already.)
>
> Unfortunately, this breaks one-pass processing for OpenPGP data. The
> whole plaintext has to be stored, and in general, processing can only
> begin after all data has been received. :-(

This is true, but the onus is on the application to handle this
correctly, and not GnuPG. GnuPG already does the right thing by
reporting an MDC failure as a decryption error. If the application
chooses to ignore this, that's a bug in the application. I agree it
would be nice to not generate any data at all when there is an MDC
failure, but as you say, it would mean no more one-pass processing.

Incidentally, if that paper is the same one that I saw, the section
about a GnuPG-specific attack is erroneous. I sent a correction to
the authors, but unfortunately it did not arrive in time for the
conference deadline.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
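
Added example, not part of the original message and not GnuPG code: one way an application using gpg as a filter can hold back the plaintext until gpg's exit code and --status-fd lines confirm the MDC. The helper names and the policy of requiring GOODMDC (which also rejects messages carrying no MDC) are assumptions of this sketch, and the status text is constructed.

```python
import subprocess
import tempfile

FAILURE = {"BADMDC", "DECRYPTION_FAILED"}
REQUIRED = {"GOODMDC", "DECRYPTION_OKAY"}   # assumed policy: no MDC means reject

def mdc_verdict(returncode, status_text):
    """True only if gpg exited 0, reported a good MDC, and reported no failure."""
    seen = set()
    for line in status_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "[GNUPG:]":
            seen.add(parts[1])
    if returncode != 0 or seen & FAILURE:
        return False
    return REQUIRED <= seen

def gated_decrypt(ciphertext, run_gpg):
    """Spool the plaintext and return it only after the verdict; None on failure."""
    with tempfile.TemporaryFile() as spool:
        returncode, status_text = run_gpg(ciphertext, spool)
        if not mdc_verdict(returncode, status_text):
            return None          # spooled bytes are dropped with the temp file
        spool.seek(0)
        return spool.read()

def run_real_gpg(ciphertext, spool):
    """Run gpg as a filter: plaintext to the spool, status lines to stderr."""
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "2", "--decrypt"],
        input=ciphertext, stdout=spool, stderr=subprocess.PIPE)
    return proc.returncode, proc.stderr.decode("utf-8", "replace")

def fake_gpg(plaintext, returncode, status_text):
    """Constructed stand-in for gpg so the gate can be exercised offline."""
    def run(_ciphertext, spool):
        spool.write(plaintext)   # gpg emits plaintext before the MDC is checked
        return returncode, status_text
    return run

# Constructed status output, not captured from a real gpg run.
GOOD = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_OKAY\n"
        "[GNUPG:] GOODMDC\n[GNUPG:] END_DECRYPTION\n")
BAD = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] BADMDC\n"
       "[GNUPG:] DECRYPTION_FAILED\n[GNUPG:] END_DECRYPTION\n")
```

Passing run_real_gpg as the second argument of gated_decrypt runs the same gate against an installed gpg; the cost is the one raised in the thread, since nothing is processed until the whole message has been decrypted.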