-----BEGIN PGP SIGNED MESSAGE-----
Is there interest in fixing the security flaws discussed in the recent
"security analysis" thread? -
(1) the Integrity Protected Data and MDC Packets fail to stop Schneier et
al's attack, because the ciphertext blocks can be pasted into a
non-integrity protected packet (ie ciphertext from a tag 18 packet can be
placed in a tag 9 packet, evading the MDC).
[...] Unlike the Symmetrically Encrypted Data Packet, no
special CFB resynchronization is done after encrypting this prefix
doesn't this prevent converting packet 18 to 9 ?
^----PGP 2.6.3ia-multi06 (supports IDEA, CAST5, BLOWFISH, TWOFISH,
AES, 3DES ciphers and MD5, SHA1, RIPEMD160, SHA2 hashes)
-----BEGIN PGP SIGNATURE-----
Version: Netscape PGP half-Plugin 0.15 by Disastry / PGPsdk v1.7.1
-----END PGP SIGNATURE-----