What is the "small security glitch" mentioned in the FAQ?
David Shaw
dshaw at jabberwocky.com
Tue Feb 3 18:24:21 CET 2004
On Sun, Feb 01, 2004 at 10:00:56AM +0100, Peter Valdemar Mørch wrote:
> http://www.gnupg.org/documentation/faqs.html#q7.1
> states:
> "There is a small security glitch in the OpenPGP (and therefore GnuPG)
> system; to avoid this you should always sign and encrypt a message
> instead of only encrypting it."
The glitch was fixed in the standard a while ago, and both GnuPG and
PGP have the fix. This is the MDC function which is intended to
prevent message manipulation. If you've ever decrypted a message and
seen something like "WARNING: message was not integrity protected",
that's what it is talking about.
David
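
The distinction described above can be seen in the packet framing of a message. The following is an added example, not part of the original post and not GnuPG code: it walks the top-level packets of a binary (non-armored) OpenPGP message and reports whether the encrypted data travels in the integrity-protected packet type. Packet tags and header layout are taken from RFC 4880; the function names and sample bytes are constructed for illustration, and the check looks only at framing, it does not decrypt or verify the MDC.

```python
# OpenPGP packet tags (RFC 4880): 9 = Symmetrically Encrypted Data (no MDC),
# 18 = Sym. Encrypted Integrity Protected Data (carries an MDC).
TAG_SED, TAG_SEIPD = 9, 18
# Constructed samples: a dummy tag-1 packet, then an encrypted-data packet.
SAMPLE_MDC = bytes([0xC1, 0x02, 0x00, 0x00, 0xD2, 0x03, 0x01, 0xAA, 0xBB])
SAMPLE_NO_MDC = bytes([0x84, 0x02, 0x00, 0x00, 0xA7, 0xAA, 0xBB])


def read_packets(data):
    """Yield (tag, body_length) per top-level packet; None = open-ended body."""
    pos = 0
    while pos < len(data):
        hdr = data[pos]
        if not hdr & 0x80:
            raise ValueError("bad packet header at offset %d" % pos)
        pos += 1
        if hdr & 0x40:                       # new-format header
            tag, first = hdr & 0x3F, data[pos]
            if first < 192:                  # one-octet length
                length, pos = first, pos + 1
            elif first < 224:                # two-octet length
                length = ((first - 192) << 8) + data[pos + 1] + 192
                pos += 2
            elif first == 255:               # five-octet length
                length = int.from_bytes(data[pos + 1:pos + 5], "big")
                pos += 5
            else:                            # partial body length
                length = None
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            n = (1, 2, 4, 0)[ltype]          # ltype 3 = indeterminate length
            length = int.from_bytes(data[pos:pos + n], "big") if n else None
            pos += n
        yield tag, length
        if length is None:                   # cannot skip past it; stop here
            return
        pos += length


def integrity_status(data):
    """Report which kind of encrypted-data packet a binary message carries."""
    try:
        for tag, _ in read_packets(data):
            if tag == TAG_SEIPD:
                return "integrity protected"
            if tag == TAG_SED:
                return "not integrity protected"
    except IndexError:
        raise ValueError("truncated packet header") from None
    return "no encrypted data packet"
```

A result of "not integrity protected" corresponds to the case in which GnuPG prints the warning quoted above.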