Re: Short intro on the K-R attack [Re: private key language]

ietf-openpgp

Re: Short intro on the K-R attack [Re: private key language]

2005-12-29 01:29:54


On Wed, Dec 28, 2005 at 03:36:11PM -0800, Jon Callas wrote:

Okay, so there isn't anything new here. We fixed this years ago.


No, we haven't. The public material can still be altered, unless some
expensive checks (like verifying the signature after it has been made) are
in place. Actually, the MDC at the end of the private material that does
not include the public part does exactly nothing against this attack.

-- 
Daniel

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
private key language, Daniel A. Nagy Re: private key language, David Shaw Re: private key language, Daniel A. Nagy Re: private key language, David Shaw Re: private key language, Daniel A. Nagy Re: private key language, David Shaw Re: private key language, Jon Callas Short intro on the K-R attack [Re: private key language], Daniel A. Nagy Re: Short intro on the K-R attack [Re: private key language], Jon Callas Re: Short intro on the K-R attack [Re: private key language], Daniel A. Nagy <= Re: Short intro on the K-R attack [Re: private key language], Jon Callas Re: Short intro on the K-R attack [Re: private key language], Daniel A. Nagy Re: Short intro on the K-R attack [Re: private key language], Ben Laurie Re: Short intro on the K-R attack [Re: private key language], Ian G

Previous by Date:	Re: Outstanding question - rule on cleartext signing last line, David Shaw
Next by Date:	Re: Short intro on the K-R attack [Re: private key language], Jon Callas
Previous by Thread:	Re: Short intro on the K-R attack [Re: private key language], Jon Callas
Next by Thread:	Re: Short intro on the K-R attack [Re: private key language], Jon Callas
Indexes:	[Date] [Thread] [Top] [All Lists]