On 15/05/18 08:58, Werner Koch wrote:
>
> Unless you change the default options of gpg or you encrypt to at least
> one old key there is no problem at all. I assume that 99.9% of all GPG
> created messages are safe because they use MDC in a way which allows the
> receiving GPG to hard fail if the MDC was stripped.

This is a very good point that I think has been overlooked in the chaos.
There are many different things going on here that overlap and interact.

The only emails that are in danger of being leaked *via the MDC issue*
are those that were originally encrypted using one of the obsolete
cipher suites. Anything encrypted with AES should be immune. This is
because:

a) gnupg only falls back to compatibility mode for messages that use
obsolete ciphers, and

b) If you inject an AES cipherstream into a 3DES or CAST5 message (which
is how the CFB gadget trick works), you get garbage.

BUT

We should also be very careful to note that none of this discussion
thread applies to the MIME concatenation vulnerability, which is a
problem in Thunderbird and other mail clients, and which cannot be
solved by gnupg.

--
Andrew Gallagher
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
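
Added example (not part of the thread and not GnuPG code): a defensive check that walks the RFC 4880 packet headers of a binary OpenPGP message and reports whether the encrypted data sits in an integrity-protected packet (tag 18, which carries the MDC) or in the legacy packet without one (tag 9). The function names, result strings and sample bytes are constructed for illustration.

```python
# Added example: report which OpenPGP encrypted-data packet a binary message uses.
TAG_PKESK, TAG_SKESK, TAG_SED, TAG_SEIPD = 1, 3, 9, 18  # RFC 4880 packet tags

def read_header(buf, pos):
    """Return (tag, body_start, body_len or None) for the packet at pos."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if first & 0x40:                                  # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None                     # partial body length
    tag, ltype = (first >> 2) & 0x0F, first & 0x03    # old-format header
    if ltype == 3:
        return tag, pos + 1, None                     # indeterminate length
    n = 1 << ltype                                    # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def classify(message: bytes) -> str:
    """Walk the leading session-key packets and name the data packet type."""
    pos = 0
    try:
        while pos < len(message):
            tag, start, length = read_header(message, pos)
            if tag == TAG_SEIPD:
                return "integrity-protected"          # tag 18: carries an MDC
            if tag == TAG_SED:
                return "no-mdc"                       # tag 9: legacy, no MDC
            if tag not in (TAG_PKESK, TAG_SKESK) or length is None:
                return "not-encrypted-message"
            pos = start + length
    except (IndexError, ValueError):
        return "malformed"
    return "not-encrypted-message"

# Constructed sample bytes: stub session-key packets with dummy bodies.
SAMPLE_SEIPD = bytes([0xC1, 0x03, 0x03, 0x00, 0x00, 0xD2, 0x05, 0x01]) + b"\x00" * 4
SAMPLE_SED = bytes([0x84, 0x03, 0x03, 0x00, 0x00, 0xA4, 0x04]) + b"\x00" * 4

if __name__ == "__main__":
    for name, blob in (("seipd", SAMPLE_SEIPD), ("sed", SAMPLE_SED)):
        print(name, classify(blob))
```

The input must be binary; an ASCII-armored message needs `gpg --dearmor` first.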