GnuPG - Serious Flaw Discovered.

Discussion in 'privacy technology' started by x942, Aug 8, 2013.

Thread Status:
Not open for further replies.
  1. x942

    x942 Guest

    Source

    Version 1.4.2.2 fixes this bug. The bug apparently effects all previous versions.

    EDIT:

    Through more research this may not be as big of a deal as I initially thought:
    Source
     
    Last edited by a moderator: Aug 8, 2013
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    This isn't really surprising. You can do the same thing with signed files. What you can't do is modify any of the signed content, but you can add a certain amount of data to it.
     
  3. x942

    x942 Guest

    Yup. I just added some more information to the OP. Apparently some plugins don't have this issue at all (they separate the unsigned portion from the signed portion. Only issue is basically that GPG display the unsigned data with the signed data. Could be confusing for users.
     
  4. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Is this really a "huge" or "serious" flaw? What sort of data could be added and how would that impact the security of the signed content?
     
  5. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    It wouldn't. He made a mistake.
     
  6. chrisretusn

    chrisretusn Registered Member

    Joined:
    Jun 16, 2004
    Posts:
    1,322
    Location:
    Philippines
    Hmm... as I figured. It just seems to me a lot of "security" issues are overblown.
     
Loading...
Thread Status:
Not open for further replies.