PGP hole

Alan Barrett barrett at daisy.ee.und.ac.za
Fri Sep 30 02:25:02 PDT 1994


> The bug seems to be present in all versions (even the ViaCrypt versions
> have this problem). It has been reported as a bug to the MIT pgp-keepers.

The "bug" looks like a deliberate design decision to me.  Everything from
the "--- BEGIN PGP" line to the first blank line is ignored, and is not
considered part of the signed message.  There's a comment in the source
code (file armor.c in the versions I checked), saying "Skip header after
BEGIN line". 

--apb (Alan Barrett)







More information about the cypherpunks-legacy mailing list