Would checking this field before using someone's public key guarantee that there was no ADK attached to that key or does this vulnerablility mean that the flag won't be set?
It should show correctly whether or not they have an ADK, but can't tell whether or not it's a valid ADK.
Of course, if you're really paranoid, you could refuse to use their public key if they have any ADK, but then you have to find some other secure way of communicating with them...
I may be wrong, but for the intended recipient of a message it should be possible to detect, that his key was compromised and used with a vulnerable copy of PGP. The receiving PGP/GnuPG just should check if there are any additional encodings which shouldn't be there regarding to the own local genuine version of the key.
Except by then it's too late - the "secure" e-mail is already compromised.
Lost count of how many people posted that the link doesnt work. NO IT DOESNT, BUT IF YOU READ SOME OF THE POSTS YOULL FIND OUT WHY. As well as the the new link.
Slashdot Mirror
Would checking this field before using someone's public key guarantee that there was no ADK attached to that key or does this vulnerablility mean that the flag won't be set?
It should show correctly whether or not they have an ADK, but can't tell whether or not it's a valid ADK.
Of course, if you're really paranoid, you could refuse to use their public key if they have any ADK, but then you have to find some other secure way of communicating with them...
My public key has been generated with PGP for Win32, although I use it from GPG too. Am I vulnerable?
Not if you can be certain people sending you encrypted data only use your file to encrypt, and that file is secure from hackers...
I may be wrong, but for the intended recipient of a message it should be possible to detect, that his key was compromised and used with a vulnerable copy of PGP. The receiving PGP/GnuPG just should check if there are any additional encodings which shouldn't be there regarding to the own local genuine version of the key.
Except by then it's too late - the "secure" e-mail is already compromised.
Lost count of how many people posted that the link doesnt work. NO IT DOESNT, BUT IF YOU READ SOME OF THE POSTS YOULL FIND OUT WHY. As well as the the new link.
Use those eyes, folks.
But did they ever try to get a patent on it?
Well, you obviously dont have the skills to use the preview button first...even when you're reminded every time you post.
Or perhaps people should READ THE PREVIOUS POSTS before posting the same question.