 |  |  |
 |
Symmetric Encryption in OpenPGP under mild attackAutomated OpenPGP systems may have overlooked an issue that turns out to be open for exploits. With a human in the chain, nothing will happen but automated traffic handling should caution. A good explanation can be found on the PGP website with a link to the cryptanalytic article which provides all the details. To shield against this, avoid that error messages are too explanatory. At least to the attacker; being more informative in log files does not raise this issue when these are properly protected. Yet another example that crypto-programming is a profession, not a hobby. Because there is no leak in OpenPGP, merely a way of using it wrongly if you don't know what you're doing. Bibliographic information in BibTeX format:
@misc{cryptoeprint:2005:033,
author = {Serge Mister and Robert Zuccherato},
title = {An Attack on CFB Mode Encryption As Used By OpenPGP},
howpublished = {Cryptology ePrint Archive, Report 2005/033},
year = {2005},
note = {\url{http://eprint.iacr.org/}},
}
Posted on Fri, 11 Feb 2005, 09:21. |
spin-off |  |