[Users] FYI: PGP-encrypted email Warning
linux at slavino.sk
Tue May 15 12:11:39 CEST 2018
Dňa Mon, 14 May 2018 12:47:04 +0200 Slavko <linux at slavino.sk> napísal:
> CM displays message and warning is lost at all (at least i was not
> able to find it)... But the RFC 4880 says:
> Any failure of the MDC indicates that the message has been modified
> and MUST be treated as a security problem. Failures include a
> difference in the hash values, but also the absence of an MDC
> packet, ^^^^^^^^^^^^^^^^^^^^^^^^^^
> or an MDC packet in any position other than the end of the
> plaintext. Any failure SHOULD be reported to the user.
> Or i miss something?
To be honest, i miss something - the DES3 cipher has not MDC at all,
when i send email with AES without MDC, the CM correctly displays
warning ("Decryption failed") and shows encrypted content of message
I did similar test with latest Thunderdird & Enigmail (for AES
without MDC), and it shows warning, but shows decrypted message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 506 bytes
Desc: Digitálny podpis OpenPGP
More information about the Users