On Wed 2015-02-11 15:30:17 -0500, Andy Isaacson wrote:
> On Wed, Feb 11, 2015 at 05:56:44AM -0600, Tom Ritter wrote:
>> PGP has this janky MDC thing
>> http://tools.ietf.org/html/rfc4880#section-5.14 that would prevent a
>> bitflipped message from getting through, but not side channels or
>> attacks on the decryption process.
>
> I'm not certain but I think GnuPG is putting a SHA inside the RSA
> encryption of encrypted-but-not-signed messages. pgpdump on the outer
> message says:
This is indeed the "janky MDC thing" Tom is talking about. From the spec:

    The body of this packet consists of:

    - A 20-octet SHA-1 hash of the preceding plaintext data of the
      Symmetrically Encrypted Integrity Protected Data packet,
      including prefix data, the tag octet, and length octet of the
      Modification Detection Code packet.
--dkg
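The MDC computation the spec excerpt above describes, as an added worked example (this is not code from the thread, from GnuPG, or from the RFC): it assembles the plaintext layout of a Symmetrically Encrypted Integrity Protected Data packet from RFC 4880 section 5.14 (prefix block plus two repeated octets, a literal-data packet, then the MDC packet whose body is the SHA-1 over everything before it, including the MDC tag and length octets), then checks the digest and shows that a single flipped bit in the decrypted plaintext fails the check. Function names, the fixed prefix, and the sample literal data are constructed for this example; real implementations draw the prefix randomly and perform these steps after symmetric decryption.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 16            # AES block size; the SEIPD prefix is one block plus two octets
MDC_HEADER = b"\xd3\x14"   # MDC packet header: tag 19 (new-format 0xC0|19 = 0xD3), length 20
MDC_LEN = 20               # SHA-1 digest length


def literal_data_packet(data: bytes) -> bytes:
    """Build a minimal new-format Literal Data packet (tag 11): binary mode,
    empty filename, zero timestamp. One-octet body length keeps this under 192 octets.
    """
    body = b"b" + b"\x00" + b"\x00\x00\x00\x00" + data
    if len(body) >= 192:
        raise ValueError("example only supports one-octet body lengths")
    return b"\xcb" + bytes([len(body)]) + body


def build_seipd_plaintext(literal_packet: bytes, prefix_random: bytes = None) -> bytes:
    """Assemble what an SEIPD packet encrypts: prefix || packets || MDC packet.
    The MDC body is SHA-1 over the prefix, the packets, and the MDC tag/length octets.
    """
    if prefix_random is None:
        prefix_random = os.urandom(BLOCK_SIZE)   # real encryptors use fresh random octets
    if len(prefix_random) != BLOCK_SIZE:
        raise ValueError("prefix must be one cipher block long")
    prefix = prefix_random + prefix_random[-2:]  # last two octets are repeated
    hashed = prefix + literal_packet + MDC_HEADER
    return hashed + hashlib.sha1(hashed).digest()


def verify_mdc(plaintext: bytes) -> bool:
    """Recompute the MDC over everything preceding the 20-octet digest and compare
    in constant time. Returns False on any structural problem rather than raising."""
    if len(plaintext) < BLOCK_SIZE + 2 + len(MDC_HEADER) + MDC_LEN:
        return False
    body, digest = plaintext[:-MDC_LEN], plaintext[-MDC_LEN:]
    if body[-len(MDC_HEADER):] != MDC_HEADER:
        return False                              # MDC packet header missing or mangled
    if body[BLOCK_SIZE:BLOCK_SIZE + 2] != body[BLOCK_SIZE - 2:BLOCK_SIZE]:
        return False                              # prefix repeat octets do not match
    expected = hashlib.sha1(body).digest()
    return hmac.compare_digest(expected, digest)


def flip_bit(data: bytes, byte_index: int, bit: int = 0) -> bytes:
    """Return a copy of data with one bit flipped (simulates a bit-flip on the plaintext)."""
    mutated = bytearray(data)
    mutated[byte_index] ^= 1 << bit
    return bytes(mutated)


def demo() -> dict:
    """Constructed sample: a fixed prefix and a short literal message."""
    fixed_prefix = bytes(range(BLOCK_SIZE))       # constructed, deterministic for the example
    literal = literal_data_packet(b"meeting moved to 10:00")
    good = build_seipd_plaintext(literal, fixed_prefix)
    tampered = flip_bit(good, BLOCK_SIZE + 2 + 2)  # flip a bit inside the literal data body
    truncated = good[:-MDC_LEN]                    # MDC digest stripped off entirely
    return {
        "length": len(good),
        "good": verify_mdc(good),
        "tampered": verify_mdc(tampered),
        "truncated": verify_mdc(truncated),
    }


if __name__ == "__main__":
    print(demo())
```

The check deliberately fails closed on a malformed prefix or a missing MDC header instead of falling back to the unauthenticated path; the MDC only protects a message if the decrypting side refuses to release plaintext when the digest is absent or wrong.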
_______________________________________________
Messaging mailing list
[email protected]
https://moderncrypto.org/mailman/listinfo/messaging