New PGP/GPG Vulnerability?
Tue Aug 13 07:12:01 2002
-----BEGIN PGP SIGNED MESSAGE-----
"Schneier released information Monday about a separate flaw in the PGP
(Pretty Good Privacy) program that is freely available and used to
encrypt messages sent over the Internet.
Schneier and Jonathan Katz of the University of Maryland at College Park
found a way an attacker could intercept a PGP encrypted message, modify
it without decrypting it, dupe the user into sending it back, and
retrieve the original message.
"It's beautiful mathematically, but in terms of seriousness, it's not
that serious," Schneier said.
Does anybody know anything more about this? I went to counterpane.com
and I didn't see anything on their site. Does this effect GPG as well?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----