newbie problems
David Shaw
dshaw@jabberwocky.com
Sat Dec 7 14:19:02 2002
On Fri, Dec 06, 2002 at 09:21:49AM -1000, Max Brandt wrote:
> Hi all,
>
> Thanks to those who have enlightened me on the difference between
> "sign" and "encrypt and sign".
>
> So far I have not had a reply on the last point of my original post:
>
> > Finally, a question: To test the compatibility between GPG
> > and PGP8, I created new keys in each, imported the public
> > keys of each to the other, signed them, then sent encrypted
> > and signed messages to each. GPGtoPGP gave no problems, but
> > in decrypting the PGP-GPG message I got this
> > warning:
> > gpg: WARNING: message was not integrity protected
> > What is the problem here?
>
> I see that GPGshell gives me the option, in GnuPG preferences, to
> remove this warning (no-mdc-warning). As there appears to be no
> option in PGP8 relating to modification detection code, I
> assume that PGP (at least in the freeware version) encrypts
> without mdc, which would make all messages vulnerable to message
> modifications attacks. Am I correct?
PGP always encrypts without MDC, though it can understand
MDC-protected messages generated elsewhere.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson