[Cryptography] Vulnerability found in badly broken email apps that use PGP and S/MIME

Werner Koch wk at gnupg.org
Wed May 16 07:57:13 EDT 2018


On Wed, 16 May 2018 10:49, pgut001 at cs.auckland.ac.nz said:

> If you're just after test vectors, here's one, password-encrypted with
> password "test" (which saves having to do the "send me your public key" /

Thanks.  Frankly I missed RFC-6476 when searching the index for
authenticated encryption.  Better to use a MAC than GCM.  Or well there
is RFC-8103 (ChaCha20).

> mean none exist, merely that I don't know if any do it.  As with the PGP CFB-
> attack paper from many years ago, maybe this will be the wakeup call that
> gets mailers to finally support it.  In the same way that standard security is

Assuming that it will take a decade we could directly settle for OCB ;-)


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are governed by a federal law.