Question about FAQ section 7.1

haruki s. mujyo at
Fri Oct 1 14:20:43 CEST 2004

Thank you Mr. Shaw, Smasher and Williams for your answer(s) and
feedback :^) It was very useful in my first series of mental hurdles
on the path to using GPG.

Is there a wiki for updating the GPG-FAQ? Or perhaps someone working
on update keeping track commits and other less direct changes?

Friday, September 24, 2004, 12:56:17 PM, David Shaw dshaw at wrote:

> On Fri, Sep 24, 2004 at 12:16:11PM -0700, mujyo at wrote:
>> Hello List :^)
>> In section 7.1 of the FAQ the last paragraph states:
>> "There is a small security glitch in the OpenPGP (and therefore GnuPG)
>> system; to avoid this you should always sign and encrypt a message
>> instead of only encrypting it."
>> ( )
>> I am wondering if this is still the case, and if this means that one
>> should also not use 'conventional' encryption, as the language appears
>> to possibly be saying that as well. And has this 'glitch' been fixed?

> This isn't true any longer.  OpenPGP now has the MDC protection.  Both
> GnuPG and PGP support it.  MDC can be turned off manually, or if you
> encrypt to a key that doesn't support it, it is switched off
> automatically, but in general it is on.  GnuPG tries pretty hard to
> use MDC whenever possible.  MDC works for conventional encryption
> also.

>> Also, does anyone see any basic problems in encrypting =<700MB files
>> using --recipient (My-Name) --encrypt (File), i.e. encrypting to one's
>> self for files only for yourself. Is it better to encrypt with say
>> TWOFISH, or a Key-pair even though you are only encrypting to
>> yourself.

> No basic problem.  Some people like to use --symmetric when encrypting
> to themselves, and some people like to use their public key.  It's
> really a matter of taste.  I prefer to use my public key so I don't
> have one more passphrase to remember ;)

> David

> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at




More information about the Gnupg-users mailing list