ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] OpenPGP SEIP downgrade attack

2015-10-05 12:40:06
from [Neil Hunsperger] [Permanent Link] 
From: openpgp [mailto:openpgp-bounces(_at_)ietf(_dot_)org] On Behalf Of Jonas 
Magazinius

I've recently been analysing the OpenPGP standard and have found that it is 
vulnerable to a chosen-ciphertext attack to downgrade an SEIP packet to a 
plain SE packet.



I was going to submit a paper about the attack, but considering how quickly 
the challenge was cracked I realised the urgency to report this.


Assuming SE and SEIP now have equivalent security, does anyone suspect a 
real-world impact? I.e. is there software that trusts encrypted unsigned data 
more than it trusts unencrypted unsigned data?

-Neil
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] OpenPGP SEIP downgrade attack, Watson Ladd
Next by Date:  Re: [openpgp] OpenPGP SEIP downgrade attack, Werner Koch
Previous by Thread:  Re: [openpgp] OpenPGP SEIP downgrade attack, Watson Ladd
Next by Thread:  Re: [openpgp] OpenPGP SEIP downgrade attack, Werner Koch
Indexes:  [Date] [Thread] [Top] [All Lists]