Understanding MDC (Modification Detection Code)
Per Tunedal
pt@radvis.nu
Tue Apr 8 13:24:01 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
At 08:48 2002-10-19 -0400, you wrote:
>On Fri, Oct 18, 2002 at 12:05:34PM +0000, MindFuq wrote:
>> The faq states that having key preferences of TwoFish and AES implies
>> the keyholder has the capability of using MDC encryption. This may be
>> true, but my tests are showing that MDC is disjoint from those
>> algorithms. PGP 6.5.1i can handle MDC, and it's limited to the IDEA,
>> CAST, and 3DES ciphers.
>
>That is correct. As you saw, MDC is unrelated from any particular
>cipher choice. However, given the general evolution of OpenPGP, it is
>possible to infer from the presence of Twofish and AES that MDC
>exists. Ideally, of course, the key would have an explicit MDC flag,
>but PGP does not do this.
>
>> How exactly does MDC work? I know with MDC out of the picture, if
>> someone changes the ciphertext, the receiver knows. Either the
>> receiver will get garbage, or the receiver won't be able to decrypt
>> the message at all. So what's the purpose of MDC?
>
>Among other things, read http://www.counterpane.com/pgp-attack.html
>
>> Also, I'm curious as to why PGP 6.5.8 (domestic) cannot handle MDC,
>> but PGP 6.5.1i can. Was MDC capability removed, and then re-added in
>> PGP7?
>
>6.5.8 != 6.5.1i. Two different programs.
>
>David
>
I have re-read the document above today and realised that compressed data
e.g. zip-files might be a problem. The document tells that the attack
succeeds in 100% of the times if compression isn't used. And GPG doesn't
compress data if it already is compressed, right? And the mdc doesn't help
against this vulnerability?
BTW I found the switch --force-mdc that might be useful if not AES or
Twofish are used. Any problems with that? (I am testing it right now!)
Per Tunedal
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92
iD8DBQE+krFz2Jp9Z++ji2YRAilEAKCd1v0cmIYqUFpgbkBJrM19Vq5nZQCeJvYu
dBITmNIBB29KFkO5WVNZstA=
=M1mB
-----END PGP SIGNATURE-----