[Users] FYI: PGP-encrypted email Warning

Slavko linux at slavino.sk
Tue May 15 12:11:39 CEST 2018


On Mon, 14 May 2018 12:47:04 +0200 Slavko <linux at slavino.sk> wrote:

> CM displays message and warning is lost at all (at least I was not
> able to find it)... But the RFC 4880 says:
>    Any failure of the MDC indicates that the message has been modified
>    and MUST be treated as a security problem.  Failures include a
>    difference in the hash values, but also the absence of an MDC packet,
>                                                ^^^^^^^^^^^^^^^^^^^^^^^^^^
>    or an MDC packet in any position other than the end of the plaintext.
>    Any failure SHOULD be reported to the user.
>    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Or I miss something?

To be honest, I miss something - the DES3 cipher has no MDC at all;
when I send email with AES without MDC, the CM correctly displays a
warning ("Decryption failed") and shows the encrypted content of the message.

I did a similar test with the latest Thunderbird & Enigmail (for AES
without MDC), and it shows a warning, but shows the decrypted message.


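A structural check for the "absence of an MDC packet" case in the RFC 4880 passage quoted above, as an added example that is not part of the original post and is not code from Claws Mail or Enigmail. It assumes a binary (de-armored) OpenPGP message; the function names and sample bytes are hypothetical and constructed for illustration.

```python
# Added example: find out which encrypted-data packet an OpenPGP message uses.
# Tag 9 (Symmetrically Encrypted Data) cannot carry an MDC; tag 18 can.
TAG_SED, TAG_SEIPD = 9, 18

def packet_tags(data: bytes):
    """Yield (tag, body_length) per top-level packet (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        i += 1
        if hdr & 0x40:                       # new-format header
            tag, o1 = hdr & 0x3F, data[i]
            if o1 < 192:                     # one-octet length
                length, i = o1, i + 1
            elif o1 < 224:                   # two-octet length
                length, i = ((o1 - 192) << 8) + data[i + 1] + 192, i + 2
            elif o1 == 255:                  # five-octet length
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:                            # partial body length (streamed)
                yield tag, None
                return
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length
                yield tag, None
                return
            n = 1 << ltype                   # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, length
        i += length

def mdc_policy(data: bytes) -> str:
    """Decide from packet structure alone whether plaintext may be shown."""
    tags = [t for t, _ in packet_tags(data)]
    if TAG_SED in tags:
        return "reject: no MDC"              # absence of an MDC is a failure
    if TAG_SEIPD in tags:
        return "decrypt, then verify MDC"    # hash must still match afterwards
    return "not encrypted"

# Constructed samples: a session-key packet (tag 1) with a dummy 3-byte body,
# followed by a 2-byte encrypted-data packet. Not real ciphertext.
PKESK = bytes([0xC1, 3, 0, 0, 0])
SAMPLE_SEIPD = PKESK + bytes([0xD2, 2, 1, 0])   # new-format tag 18
SAMPLE_SED = PKESK + bytes([0xA4, 2, 0, 0])     # old-format tag 9
```

A tag 18 packet only means an MDC can be present; the hash comparison itself happens after decryption, so this check is a pre-filter and not a substitute for it.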