1994-09-30 - PGP hole

Header Data

From: “Dr. D.C. Williams” <dcwill@ee.unr.edu>
To: cypherpunks@toad.com
Message Hash: 46d1c988f30049b3203ef6dbd2ec00143692d3ca88493a7feb8ac8e89a88f5f5
Message ID: <199409300313.UAA15242@python>
Reply To: N/A
UTC Datetime: 1994-09-30 03:15:48 UTC
Raw Date: Thu, 29 Sep 94 20:15:48 PDT

Raw message

From: "Dr. D.C. Williams" <dcwill@ee.unr.edu>
Date: Thu, 29 Sep 94 20:15:48 PDT
To: cypherpunks@toad.com
Subject: PGP hole
Message-ID: <199409300313.UAA15242@python>
MIME-Version: 1.0
Content-Type: text/plain


  
   FWIW, it seems that a hole has been discovered in PGP 2.6.1, 2.7, 2.6,
2.3a, and most likely earlier versions as well. Apparently, it is possible
to insert cleartext within a signed message and still receive a good sig
message upon verification. Interested parties are referred to alt.security.
pgp for a rather lengthy thread on this subject. I haven't seen anything
on the cp list yet and thought those who don't read news regularly might
find this information to be useful. I can forward the entire thread via
email upon request.


=D.C. Williams	<dcwill@ee.unr.edu>





Thread