uri <uri(_at_)watson(_dot_)ibm(_dot_)com> writes:
> Make the "pseudo-IV" prefix partially non-random - i.e. the last two
> bytes being checksum for the other 14. No big deal security-wise and
> noticeable help in detecting the right key.
I agree, as this will help in detecting bad keys for conventional-only
encrypted data.
> So? Compared to cost of one RSA or DSA operation, one SHA-1 is negligible.
> Who cares?
Hashing 700 Megs takes a while, and sometimes conventional-only
encryption is used. But IMHO it is worth this time. If someone
does not like it, he can still use packet type 9, and the specs
should say that an implementation SHOULD display a notice if a
cipher >= 7 is used without an MDC.
--
Werner Koch at guug.de www.gnupg.org keyid 621CC013
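The two mechanisms under discussion, the cheap prefix check that rejects a wrong key and the SHA-1 MDC that detects modification, side by side in one runnable program. This is an added example written for this page; it is not GnuPG code and not the packet layout of the OpenPGP specification. It assumes AES (which is what algorithm IDs 7 and above denote in the OpenPGP cipher numbering), a 16-bit sum of the 14 random bytes as the checksum (the thread does not say which checksum uri has in mind), a simplified layout of CFB(prefix || plaintext || SHA-1(prefix || plaintext)) in place of the real MDC packet, and constructed demo keys and data.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha1"
	"errors"
	"fmt"
	"io"
)

const prefixLen = aes.BlockSize // 16-byte "pseudo-IV" prefix (AES block)

var (
	ErrBadKey = errors.New("prefix checksum mismatch: wrong key (or damaged first block)")
	ErrBadMDC = errors.New("MDC mismatch: data was modified")
)

// prefixChecksum returns the two bytes that close the prefix.
// ASSUMPTION: the thread does not fix a checksum; a 16-bit sum of the
// 14 random bytes is used here purely for illustration.
func prefixChecksum(random14 []byte) (hi, lo byte) {
	var sum uint16
	for _, b := range random14 {
		sum += uint16(b)
	}
	return byte(sum >> 8), byte(sum)
}

// makePrefix draws 14 random bytes from r and appends their checksum.
func makePrefix(r io.Reader) ([]byte, error) {
	p := make([]byte, prefixLen)
	if _, err := io.ReadFull(r, p[:prefixLen-2]); err != nil {
		return nil, err
	}
	p[prefixLen-2], p[prefixLen-1] = prefixChecksum(p[:prefixLen-2])
	return p, nil
}

// Encrypt produces CFB(prefix || plaintext || SHA-1(prefix || plaintext)) under
// an all-zero IV; the random prefix plays the IV's role, as in OpenPGP CFB.
func Encrypt(key, plaintext []byte, r io.Reader) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	prefix, err := makePrefix(r)
	if err != nil {
		return nil, err
	}
	body := append(append(make([]byte, 0, prefixLen+len(plaintext)+sha1.Size), prefix...), plaintext...)
	mdc := sha1.Sum(body) // the MDC covers prefix and plaintext
	body = append(body, mdc[:]...)
	ct := make([]byte, len(body))
	cipher.NewCFBEncrypter(block, make([]byte, aes.BlockSize)).XORKeyStream(ct, body)
	return ct, nil
}

// Decrypt decrypts only the first block and tests the cheap checksum before it
// decrypts and hashes the rest, so a wrong key is rejected without touching a
// large payload; the MDC is what actually catches modifications.
func Decrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(ct) < prefixLen+sha1.Size {
		return nil, errors.New("ciphertext too short")
	}
	stream := cipher.NewCFBDecrypter(block, make([]byte, aes.BlockSize))
	pt := make([]byte, len(ct))
	stream.XORKeyStream(pt[:prefixLen], ct[:prefixLen])
	if hi, lo := prefixChecksum(pt[:prefixLen-2]); pt[prefixLen-2] != hi || pt[prefixLen-1] != lo {
		return nil, ErrBadKey // two check bytes: a wrong key passes with p = 1/65536
	}
	stream.XORKeyStream(pt[prefixLen:], ct[prefixLen:])
	n := len(pt) - sha1.Size
	want := sha1.Sum(pt[:n])
	if !bytes.Equal(pt[n:], want[:]) {
		return nil, ErrBadMDC
	}
	return pt[prefixLen:n], nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit demo key
	ct, err := Encrypt(key, []byte("conventionally encrypted data"), rand.Reader)
	if err != nil {
		panic(err)
	}
	_, err = Decrypt([]byte("fedcba9876543210"), ct)
	fmt.Println("wrong key ->", err)
	ct[prefixLen+3] ^= 0x01 // flip a payload bit; the prefix block is untouched
	_, err = Decrypt(key, ct)
	fmt.Println("tampered  ->", err)
}
```

The split makes the trade-off in the thread concrete: the checksum costs one block decryption and is tested before any of the 700 Megs are read, while the MDC costs a SHA-1 pass over everything but is the only part that detects modification, since a wrong key still slips past two check bytes once in 65536 tries and a flipped payload byte never touches them at all. One caveat for anyone reusing the idea: check bytes that an implementation reacts to differently from the rest of the data act as an oracle on the first plaintext block, which is exactly what Mister and Zuccherato showed against OpenPGP's CFB quick check in 2005, so the prefix check should be treated as a usability hint and the MDC as the integrity mechanism.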