MDC and GnuPG as a filter
Werner Koch
wk@gnupg.org
Mon Aug 12 19:17:01 2002
On Mon, 12 Aug 2002 15:59:06 +0200, Florian Weimer said:
> this paper: http://www.counterpane.com/pgp-attack.html -- most of you
> probably know it already.)
Known for a couple of weeks. Actually it is an update of another
paper, this time with a real working example.
> Unfortunately, this breaks one-pass processing for OpenPGP data. The
> whole plaintext has to be stored, and in general, processing can only
> begin after all data has been received. :-(
Depends on what you do with the data. If you send it straight back
you have a problem. OTOH, the problem is not much different from an
uncompress error or an read error - the application should cancel
incomplete data anyway.
Shalom-Salam,
Werner