Efail or OpenPGP is safer than S/MIME

Andrew Gallagher andrewg at andrewg.com
Mon May 14 11:30:18 CEST 2018

On 14/05/18 10:15, Robert J. Hansen wrote:
>> I see that MDC is the default for all modern ciphers, but does that imply
>> that MDC *checking* is the default?
> MDC is an attribute of the packet, not the cipher.  By default, all
> ciphers in the GnuPG suite use MDC.

OK, but from Werner's link earlier:

> We hesitate to require the MDC also for old algorithms (3DES, CAST5>
> because a lot of data has been encrypted using them in the first
> years of OpenPGP.
So if someone sends me a 3DES-encrypted mail it won't check the MDC?
Doesn't gpg still support reading 3DES?

Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180514/3d7c2a8a/attachment.sig>

More information about the Gnupg-users mailing list