danger of decrypted files without integrity protection

Tobias Mueller muelli at cryptobitch.de
Fri May 18 12:02:47 CEST 2018


On Fri, 2018-05-18 at 09:08 +0200, Bernhard Reiter wrote:
> Am Donnerstag 17 Mai 2018 21:48:28 schrieb Greg Troxel:
> > I didn't mean to suggest that there was nothing to fix -- only that
> > "processing decrypted files is dangerous" is a subset of "processing
> > files is dangerous".
> I disagree. What efails reminds us of is that a decrypted
> file may contain cleverly placed pieces that will send a decrypted
> contents 
> somewhere else, so it is more problematic because it may expose
> something that was intented to be kept confidential.
But that's exactly what makes it a subset of the more general problem as
per the email before.
So I can't see where your disagreement comes from.


More information about the Gnupg-devel mailing list