[Users] FYI: PGP-encrypted email Warning
Slavko
linux at slavino.sk
Tue May 15 12:11:39 CEST 2018
Hi,
Dňa Mon, 14 May 2018 12:47:04 +0200 Slavko <linux at slavino.sk> napísal:
> CM displays message and warning is lost at all (at least i was not
> able to find it)... But the RFC 4880 says:
>
> Any failure of the MDC indicates that the message has been modified
> and MUST be treated as a security problem. Failures include a
> difference in the hash values, but also the absence of an MDC
> packet, ^^^^^^^^^^^^^^^^^^^^^^^^^^
> or an MDC packet in any position other than the end of the
> plaintext. Any failure SHOULD be reported to the user.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Or i miss something?
To be honest, i miss something - the DES3 cipher has not MDC at all,
when i send email with AES without MDC, the CM correctly displays
warning ("Decryption failed") and shows encrypted content of message
only.
I did similar test with latest Thunderdird & Enigmail (for AES
without MDC), and it shows warning, but shows decrypted message.
regards
--
Slavko
http://slavino.sk
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 506 bytes
Desc: Digitálny podpis OpenPGP
URL: <http://lists.claws-mail.org/pipermail/users/attachments/20180515/54906262/attachment.sig>
More information about the Users
mailing list