New PGP/GPG Vulnerability?

Brent Miller yidaki2@earthlink.net
Tue Aug 13 07:12:01 2002


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

From
http://story.news.yahoo.com/news?tmpl=story&ncid=582&e=1&cid=582&u=/nm/20020813/wr_nm/tech_hackattacks_dc_2

*snip*

"Schneier released information Monday about a separate flaw in the PGP
(Pretty Good Privacy) program that is freely available and used to
encrypt messages sent over the Internet.

Schneier and Jonathan Katz of the University of Maryland at College Park
found a way an attacker could intercept a PGP encrypted message, modify
it without decrypting it, dupe the user into sending it back, and
retrieve the original message.

"It's beautiful mathematically, but in terms of seriousness, it's not
that serious," Schneier said.

*snip*


Does anybody know anything more about this? I went to counterpane.com
and I didn't see anything on their site. Does this effect GPG as well?

Thanks,
Brent
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAj1YliQACgkQwXn/SJ56BnI1agCaAvUGLQL4hfd/R/CMOFGMFJ5t
8XUAoNJ6Va9eWe6SVLDeOAtQwKimSQP1
=xjzN
-----END PGP SIGNATURE-----