Slashdot Mirror


Schneier et al Report PGP Vulnerability

SpaceTaxi writes: "Researchers reported that they were able to intercept and modify a PGP encrypted message so that, IF it is sent back to the attacker, the original message could be read by the attacker." The paper comes from Kahil Jallad, Jonathan Katz, and Bruce Schneier. Here is the Yahoo! article.

1 of 204 comments

  1. This is an EMAIL CLIENT flaw, not a pgp flaw. by TrentTheThief · Score: 5, Interesting

    Please, read this article with an eye to word meanings and English usage.

    This is a setup and usage problem in the email client, not a flaw in PGP.

    If a person is fool enough to leave their keyring available to the mail client (that's what the floppy disk in my pocket is for), to not remove their passphrase from memory, and to automatically include the plain-text version of an encrypted message when replying, they deserve no security.

    This so-called "flaw" in PGP is on a par with calling an OUTLOOK email flaw a virus.