Suppressing non-integrity-protected data (was: "decryption forced to fail" due to missing signature?)

Peter Lebbing peter at
Wed Jan 24 13:22:38 CET 2018

On 24/01/18 10:49, Neal H. Walfield wrote:
> But, even here
> 1 MB will probably be acceptable, which, if managed carefully (e.g.,
> only flush 50% of the buffer when it is full) should hopefully corrupt
> the output enough that it becomes unusable even if the MDC failure is
> ignored.

Could you define "unusable"?

As the data is already deliberately corrupted, we need to define what is
the "use" of this corrupted data. If it is to function as a plaintext
oracle to the attacker, at what point is that purpose no longer
fulfilled? Or is there some other purpose for the corrupted data?

Or is there another reason altogether to prevent access to the result of
decryption, i.e., what is the threat model we're discussing?


I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the Gnupg-devel mailing list