TAB at EOL (GPG and PGP interoperability)
David Shaw
dshaw@jabberwocky.com
Wed Jan 15 21:31:03 2003
On Wed, Jan 15, 2003 at 12:19:12PM -0800, Knut Forkalsrud wrote:
> David Shaw <dshaw@jabberwocky.com> writes:
>
> > If you use a hash other than MD5, then GnuPG won't detect the
> > message as PGP 2.x compatible so will not turn on the tab detector.
>
> I'm just thinking it could be possible to calculate two hashes of the
> same message, one ignoring TAB at end of line and the other doing it
> the right way. If the right hash doesn't look like the one in the
> signature, the alternative one might match.
>
> I'm no GPG (or PGP) expert, but is there something preventing an
> approach like this from working (working in the sense working around
> the bug in PGP)?
No, that will work (and in fact there is a place within GnuPG where we
do something similar), but it incurs a cost since we must in effect
process every clearsigned file twice. Given how often this is a
problem (this is the first time I've seen this problem come up in over
a year), the cost would outweigh the benefit of the fix.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson