[Announce] Attack against OpenPGP encryption

Johan Wevers johanw at vulcan.xs4all.nl
Fri Feb 11 14:45:07 CET 2005

David Shaw wrote:

>3) It might be effective against an automated process that
>   incorporates OpenPGP decryption, if that process returns errors
>   back to the sender.


>   attached two patches to this mail.  These patches disable a
>   portion of the OpenPGP protocol that the attack is exploiting.

So the solution is changing the way that errors are reported back to the
sender in this case?

>   These patches will be part of the 1.2.8 and 1.4.1 releases of GnuPG.

Any idea when these versions are about to be released?

ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html

More information about the Gnupg-users mailing list