[linux-elitists] [david.kennedy@ACM.ORG: Czech PGP Flaw Tech Details]
Mon Mar 26 11:44:51 PST 2001
>>>>> "KMS" == Karsten M Self <email@example.com> writes:
KMS> My understanding is that this is a cryptographic attack,
KMS> solutions probably require re-architecting the GPG protocol.
KMS> But I don't have a deep understanding of the protocol or
Actually, the attack is fairly simple. It has more to do with how
OpenPGP mandates saving a secret key than anything else.
Adding more checks to make sure that the secret key the program is
opening is -really- the kind of key the keyring says it is is probably
the best way to fix the problem.
Mr. Bad <firstname.lastname@example.org> | Pigdog Journal | http://pigdog.org/
More information about the linux-elitists