TAB at EOL (GPG and PGP interoperability)

David Shaw
Wed Jan 15 21:31:03 2003

On Wed, Jan 15, 2003 at 12:19:12PM -0800, Knut Forkalsrud wrote:
> David Shaw <> writes:
> > If you use a hash other than MD5, then GnuPG won't detect the
> > message as PGP 2.x compatible so will not turn on the tab detector.
> I'm just thinking it could be possible to calculate two hashes of the
> same message, one ignoring TAB at end of line and the other doing it
> the right way.  If the right hash doesn't look like the one in the
> signature, the alternative one might match.
> I'm no GPG (or PGP) expert, but is there something preventing an
> approach like this from working (working in the sense working around
> the bug in PGP)?

No, that will work (and in fact there is a place within GnuPG where we
do something similar), but it incurs a cost since we must in effect
process every clearsigned file twice.  Given how often this is a
problem (this is the first time I've seen this problem come up in over
a year), the cost would outweigh the benefit of the fix.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson