Adding a nonce before hashing as covert channel
Werner Koch
wk at gnupg.org
Mon Dec 16 15:51:59 CET 2024
On Mon, 16 Dec 2024 13:30, Andrew Gallagher said:

> even if it’s at the beginning of the subpacket area it’s still
> hashed-in after the document, which doesn’t protect against
> chosen-prefix attacks.

If you can imagine only chosen-prefix attacks then you are right. But
we don't know and we have seen a lot of surprising research in
mathematics.

> I am genuinely interested to know why it is _impossible_. OpenPGP has
> never seriously attempted to eliminate covert channels - there are

But we never introduced new ones without a good reason.

> taking plaintext covert channels as a serious threat. Also, v5
> signatures have extra free-text fields (filename, timestamp) that are
> hashed-in before the main document, rather than as subpackets.

Yes, they can be used. But your WG removed the bug fix (i.e. hashing
the meta data). And that is the very reason why it is not possible to
support that new signing format.

Shalom-Salam,

Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein