What is the "small security glitch" mentioned in the FAQ?

David Shaw dshaw at jabberwocky.com
Tue Feb 3 18:24:21 CET 2004

On Sun, Feb 01, 2004 at 10:00:56AM +0100, Peter Valdemar Mørch wrote:
> http://www.gnupg.org/documentation/faqs.html#q7.1
> states:
> "There is a small security glitch in the OpenPGP (and therefore GnuPG) 
> system; to avoid this you should always sign and encrypt a message 
> instead of only encrypting it."

The glitch was fixed in the standard a while ago, and both GnuPG and
PGP have the fix.  This is the MDC function which is intended to
prevent message manipulation.  If you've ever decrypted a message and
saw something like "WARNING: message was not integrity protected",
that's what it is talking about.


More information about the Gnupg-users mailing list