More questions about: "gpg: WARNING: message was not integrity protected"

David Shaw dshaw at jabberwocky.com
Mon Apr 10 00:28:27 CEST 2006


On Sun, Apr 09, 2006 at 03:27:17PM -0300, Trevor Smith wrote:
> Some time ago there were questions about the warning message:
> 
> gpg: WARNING: message was not integrity protected
> 
> that gpg outputs when decrypting *some* symmetrically encrypted  
> texts. Werner Koch wrote in
> http://lists.gnupg.org/pipermail/gnupg-users/2004-October/023500.html
> that:
> 
> >That message is on purpose to remind people that they should use the
> >MDC feature.  MDC is automagically handled through the preferences
> >system but with symmetrical only encrypted mails we don't have them
> >and thus we need to print the warning in all cases.
> 
> I have some questions about this:
> 
> 1. How is MDC enabled? I cannot find a setting (I'm using Mac OS X  
> and my man pages are mysteriously missing). There is no (commented  
> out) option for MDC in my gpg.conf file.

MDC can be forced on via --force-mdc.  As Werner said, the preference
system will automatically handle this for public key encryption.  For
symmetric encryption (which has no preference system), you can use
--force-mdc if you want an MDC.

> 2. I have observed that by switching my cipher-algo from the default,  
> CAST5, to AES256 (or any variant of AES, if I recall correctly), the  
> warning goes away. Why?

In an effort to increase the use of MDC, it was noted that all
implementations that could handle AES could also handle MDC.  Thus,
using any AES (or TWOFISH) turns the MDC flag on for you.

> 3. Werner implies that the warning is only generated for  
> symmetrically encrypted emails but I have noticed that an email from  
> my girlfriend, signed and encrypted to my public key will display  
> this warning, when decrypted/verified from the command line. However,  
> a message that I encrypt to myself then decrypt on the command line  
> does *not* display it. Is this, again, because I have my default  
> cipher-algo set to AES256 in my gpg.conf file while my girlfriend is  
> using the default (CAST5)?

It is, but this is not a complete answer.  Neither of you should have
a cipher-algo set in your gpg.conf file.  If you do, you're fighting
against all the automatic parts of the system.  Let GPG do what it is
supposed to do and you'll be better off.

> 4. All this gives the impression that CAST5 suffers from a weakness  
> that AES256 does not. Is this true?

That's sort of an apples and oranges question.  CAST5 is a 128-bit
cipher.  AES256 is a 256-bit cipher.  Is CAST5 weaker than AES256?
Yes, but that's not to say that CAST5 is broken somehow: AES256
is just twice as large.

David
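
Added illustration, not part of the original message and not GnuPG code: whether a message carries an MDC is visible in its packet type. Per RFC 4880, tag 9 is Symmetrically Encrypted Data (no MDC) and tag 18 is Symmetrically Encrypted Integrity Protected Data. The sketch below walks the packet headers of a binary (non-armored) message; the function names are hypothetical and the sample bytes are constructed.

```python
# Added example: classify an OpenPGP message by its encrypted-data packet tag.
# Tag numbers are from RFC 4880: 9 = encrypted data without MDC, 18 = with MDC.
SED, SEIPD = 9, 18

def read_new_length(buf, pos):
    """Return (length, next_pos, is_partial) for a new-format length field."""
    first = buf[pos]
    if first < 192:
        return first, pos + 1, False
    if first < 224:
        return ((first - 192) << 8) + buf[pos + 1] + 192, pos + 2, False
    if first == 255:
        return int.from_bytes(buf[pos + 1:pos + 5], "big"), pos + 5, False
    return 1 << (first & 0x1F), pos + 1, True    # partial body chunk

def packet_tags(buf):
    """Walk the top-level packets of a binary OpenPGP message, yielding tags."""
    pos = 0
    while pos < len(buf):
        hdr = buf[pos]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header at offset %d" % pos)
        pos += 1
        if hdr & 0x40:                           # new-format header
            tag = hdr & 0x3F
            partial = True
            while partial:                       # skip every partial chunk
                length, pos, partial = read_new_length(buf, pos)
                pos += length
        else:                                    # old-format header
            tag = (hdr >> 2) & 0x0F
            if (hdr & 0x03) == 3:                # indeterminate: runs to end
                pos = len(buf)
            else:
                nbytes = 1 << (hdr & 0x03)       # 1, 2 or 4 length octets
                length = int.from_bytes(buf[pos:pos + nbytes], "big")
                pos += nbytes + length
        yield tag

def integrity_protected(buf):
    """True for tag 18, False for tag 9, None if no encrypted-data packet."""
    for tag in packet_tags(buf):
        if tag in (SED, SEIPD):
            return tag == SEIPD
    return None

# Constructed samples: a 13-byte passphrase session-key packet (tag 3),
# then 16 zero bytes standing in for ciphertext in a tag 9 or tag 18 packet.
SKESK = bytes([0x8C, 0x0D, 4, 3, 3, 2]) + bytes(8) + bytes([0x60])
NO_MDC = SKESK + bytes([0xA4, 0x10]) + bytes(16)
WITH_MDC = SKESK + bytes([0xD2, 0x11, 0x01]) + bytes(16)
```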


