Also...
I know we've both read and understand the paper, so I think we just have
a terminology discrepancy here. What is a bit confusing is using the words
encrypted vs. decrypted and ciphertext vs. cleartext when we're talking
about an attacker inserting contents into the message.
What I was tr
Thanks for replying again. Yes, I read Schneier's paper, which is why I am
confident that even the original attack scenario on a vulnerable implementation
would not apply to the use case I was originally concerned about after seeing
mention of a "security glitch," namely encrypted local file sto
integrity check when the message is not
cryptographically signed, allowing even the most rudimentary tampering to be
undetected.
Ciao,
Carter
On 02/29/2012 10:33 AM, Post Carter wrote:
> An individual intercepts an encrypted email. He places a plaintext addition
> within the package, in s