[Announce] Attack against OpenPGP encryption
Johan Wevers
johanw at vulcan.xs4all.nl
Fri Feb 11 14:45:07 CET 2005
David Shaw wrote:
>3) It might be effective against an automated process that
> incorporates OpenPGP decryption, if that process returns errors
> back to the sender.
[...]
> attached two patches to this mail. These patches disable a
> portion of the OpenPGP protocol that the attack is exploiting.
So the solution is changing the way that errors are reported back to the
sender in this case?
> These patches will be part of the 1.2.8 and 1.4.1 releases of GnuPG.
Any idea when these versions are about to be released?
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users
mailing list