newbie problems

David Shaw dshaw@jabberwocky.com
Sat Dec 7 14:19:02 2002


On Fri, Dec 06, 2002 at 09:21:49AM -1000, Max Brandt wrote:
> Hi all,
> 
> Thanks to those who have enlightened me on the difference between
> "sign" and "encrypt and sign".
> 
> So far I have not had a reply on the last point of my original post:
> 
> > Finally, a question: To test the compatibility between GPG
> > and PGP8, I created new keys in each, imported the public
> > keys of each to the other, signed them, then sent encrypted
> > and signed messages to each. GPGtoPGP gave no problems, but
> > in decrypting the PGP-GPG message I got this
> > warning:
> >      gpg: WARNING: message was not integrity protected
> > What is the problem here?
> 
> I see that GPGshell gives me the option, in GnuPG preferences, to
> remove this warning (no-mdc-warning). As there appears to be no
> option in PGP8 relating to modification detection code, I
> assume that PGP (at least in the freeware version) encrypts
> without mdc, which would make all messages vulnerable to message
> modifications attacks. Am I correct?

PGP always encrypts without MDC, though it can understand
MDC-protected messages generated elsewhere.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson