danger of decrypted files without integrity protection

Bernhard Reiter bernhard at intevation.de
Fri May 18 09:08:22 CEST 2018

Am Donnerstag 17 Mai 2018 21:48:28 schrieb Greg Troxel:
> I didn't mean to suggest that there was nothing to fix -- only that
> "processing decrypted files is dangerous" is a subset of "processing
> files is dangerous".

I disagree. What efails reminds us of is that a decrypted
file may contain cleverly placed pieces that will send a decrypted contents 
somewhere else, so it is more problematic because it may expose
something that was intented to be kept confidential. 

If the decryption client will decrypt several different message parts in one 
go, then it could even be tricked to decrypt several messages parts.

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180518/1ac13f07/attachment.sig>

More information about the Gnupg-devel mailing list