Thanks for replying again. Yes, I read Schneier's paper, which is why I am
confident that even the original attack scenario on a vulnerable implementation
would not apply to the use case I was originally concerned about after seeing
mention of a security glitch, namely encrypted local file
Also...
I know we've both read and understand the paper, so I think we just have
a terminology discrepancy here. What is a bit confusing is using the words
encrypted vs. decrypted and ciphertext vs. cleartext when we're talking
about an attacker inserting contents into the message.
What I was
is not
cryptographically signed, allowing even the most rudimentary tampering to be
undetected.
Ciao,
Carter
On 02/29/2012 10:33 AM, Post Carter wrote:
An individual intercepts an encrypted email. He places a plaintext addition
within the package, in such a manner that when the originally intended
