danger of decrypted files without integrity protection
bernhard at intevation.de
Thu May 17 14:59:13 CEST 2018
Am Donnerstag 17 Mai 2018 11:18:40 schrieb Holger Smolinski:
> 2nd variant is attacking CFB mode by injecting CFB gadgets
The CFB mode with MDC as GnuPG is using by default for 15 years
protects against this. (As discussed in other posts already.)
The point of my post is that the CBC mode that all known
CMS implementations use for S/MIME does not have this protection
for emails without inner signature.
So files coming out of this can leak decrypted plaintext
or otherwise use a backchannel or get "active".
Browsers offer no additional protection. So decrypting
files outside an email client may lead to dangerous files.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-devel