[Cryptography] Vulnerability found in badly broken email apps that use PGP and S/MIME
Werner Koch
wk at gnupg.org
Wed May 16 07:57:13 EDT 2018
On Wed, 16 May 2018 10:49, pgut001 at cs.auckland.ac.nz said:
> If you're just after test vectors, here's one, password-encrypted with
> password "test" (which saves having to do the "send me your public key" /
Thanks. Frankly I missed RFC-6476 when searching the index for
authenicated encryption. Better to use a MAC than GCM. Or well there
is RFC-8103 (ChaCha20).
> mean none exist, merely that I don't know if any do it. As with the PGP CFB-
> attack paper from many years ago, maybe this will the the wakeup call that
> gets mailers to finally support it. In the same way that standard security is
Assuming that it will take a decade we could directly settle for OCB ;-)
Salam-Shalom,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20180516/3113a417/attachment.sig>
More information about the cryptography
mailing list