Question about FAQ section 7.1

mujyo at comcast.net
Fri Sep 24 21:16:11 CEST 2004


Hello List :^)

In section 7.1 of the FAQ the last paragraph states:

"There is a small security glitch in the OpenPGP (and therefore GnuPG)
system; to avoid this you should always sign and encrypt a message
instead of only encrypting it."
( http://www.gnupg.org/(en)/documentation/faqs.html#q7.1 )

I am wondering if this is still the case, and if this means that one
should also not use 'conventional' encryption, as the language appears
to possibly be saying that as well. And has this 'glitch' been fixed?

I apologize if this has already been discussed a few times, if that
bothers anyone; I did look over a bit of the message archives and
didn't see this question, or the answer ;)

Also, does anyone see any basic problems in encrypting <=700MB files
using --recipient (My-Name) --encrypt (File), i.e. encrypting to one's
self for files only for yourself? Is it better to encrypt with, say,
TWOFISH, or a Key-pair even though you are only encrypting to
yourself?

Or, if I take the section in the FAQ above correctly, I should add
--sign to the commands, right?

Okay, thanks for reading, and thanks in advance for answering, I
hope!

By the way I am presently using GnuPG 1.2.4 on an MS-Windows system.



yours,

Joseph



