Am Samstag 07 Dezember 2024 15:35:09 schrieb Andrew Gallagher via Gnupg-devel:
> there are already countless places in the wire format that an adversary
> could use for a covert channel,

It still may not be wise to add another place.
There can be unwanted side effects of adding a nonce
(is what I understand from the example).

> and I’m not aware of any implementation 
> (including gnupg) that attempts to close these channels, perhaps because
> doing so would be a rich source of interop failures. It would be
> counterproductive for an adversary to introduce salted signatures for this
> purpose, as doing so would only draw attention for little further benefit.

Which we only know if we fully understand all side effects.
Not saying that this is done deliberately.

Regards,
Bernhard


-- 
https://intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter

Attachment: signature.asc
Description: This is a digitally signed message part.

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
https://lists.gnupg.org/mailman/listinfo/gnupg-devel

Reply via email to