PGP hole

Dr. D.C. Williams dcwill at ee.unr.edu
Thu Sep 29 20:15:48 PDT 1994


  
   FWIW, it seems that a hole has been discovered in PGP 2.6.1, 2.7, 2.6,
2.3a, and most likely earlier versions as well. Apparently, it is possible
to insert cleartext within a signed message and still receive a good sig
message upon verification. Interested parties are referred to alt.security.
pgp for a rather lengthy thread on this subject. I haven't seen anything
on the cp list yet and thought those who don't read news regularly might
find this information to be useful. I can forward the entire thread via
email upon request.


=D.C. Williams	<dcwill at ee.unr.edu>






More information about the cypherpunks-legacy mailing list