Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/crypto/openpgp: remove support for unauthenticated messages #25388

Open
FiloSottile opened this issue May 14, 2018 · 0 comments
Open

x/crypto/openpgp: remove support for unauthenticated messages #25388

FiloSottile opened this issue May 14, 2018 · 0 comments
Labels
NeedsFix The path to resolution is known, but the work has not been done. Security
Milestone
Unreleased

Comments

@FiloSottile
Copy link
Contributor

Messages without authentication tags (called MDC by OpenPGP) can be modified by an attacker. Malleable plaintexts lead to all sorts of attacks, the latest example being EFail.

The spec is hopelessly broken in therms of downgrade protection, so a message originating with a MDC can be stripped to look like a normal message without MDC. So the only fix is to disable support for MDC-less messages entirely.

Also, MDC were added in 2001, and it's 2018.
@FiloSottile FiloSottile added Security NeedsFix The path to resolution is known, but the work has not been done. labels May 14, 2018
@FiloSottile FiloSottile self-assigned this May 14, 2018
@gopherbot gopherbot added this to the Unreleased milestone May 14, 2018
@FiloSottile FiloSottile mentioned this issue Sep 27, 2018
Closed
@FiloSottile FiloSottile removed their assignment Mar 8, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
NeedsFix The path to resolution is known, but the work has not been done. Security
Projects
None yet
Milestone
Unreleased
Development

No branches or pull requests
2 participants
@FiloSottile @gopherbot