PGP hole
Dr. D.C. Williams
dcwill at ee.unr.edu
Thu Sep 29 20:15:48 PDT 1994
FWIW, it seems that a hole has been discovered in PGP 2.6.1, 2.7, 2.6,
2.3a, and most likely earlier versions as well. Apparently, it is possible
to insert cleartext within a signed message and still receive a good sig
message upon verification. Interested parties are referred to alt.security.
pgp for a rather lengthy thread on this subject. I haven't seen anything
on the cp list yet and thought those who don't read news regularly might
find this information to be useful. I can forward the entire thread via
email upon request.
=D.C. Williams <dcwill at ee.unr.edu>
More information about the cypherpunks-legacy
mailing list