PGP hole
Alan Barrett
barrett at daisy.ee.und.ac.za
Fri Sep 30 02:25:02 PDT 1994
> The bug seems to be present in all versions (even the ViaCrypt versions
> have this problem). It has been reported as a bug to the MIT pgp-keepers.
The "bug" looks like a deliberate design decision to me. Everything from
the "--- BEGIN PGP" line to the first blank line is ignored, and is not
considered part of the signed message. There's a comment in the source
code (file armor.c in the versions I checked), saying "Skip header after
BEGIN line".
--apb (Alan Barrett)
More information about the cypherpunks-legacy
mailing list