MDC and GnuPG as a filter

David Shaw dshaw at
Mon Aug 12 17:25:02 CEST 2002

On Mon, Aug 12, 2002 at 03:59:06PM +0200, Florian Weimer wrote:
> It looks as if an application should start processing the decrypted
> data only after the MDC packet has been verified.  (Have a look at
> this paper: -- most of you
> probably know it already.)
> Unfortunately, this breaks one-pass processing for OpenPGP data.  The
> whole plaintext has to be stored, and in general, processing can only
> begin after all data has been received. :-(

This is true, but the onus is on the application to handle this
correctly, and not GnuPG.  GnuPG already does the right thing by
reporting a MDC failure as a decryption error.  If the application
chooses to ignore this, that's a bug in the application.  I agree it
would be nice to not generate any data at all when there is a MDC
failure, but as you say, it would mean no more one-pass processing.

Incidentally, if that paper is the same one that I saw, the section
about a GnuPG-specific attack is erroneous.  I sent a correction to
the authors, but unfortunately it did not arrive in time for the
conference deadline.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list