Re: [dev] securiy guidance

From: Sergey Matveev <stargrave_AT_stargrave.org>
Date: Sat, 10 Mar 2018 21:41:33 +0300

*** Markus Teich [2018-03-10 21:29]:
>You are correct that it doesn't hurt to add a MAC. I was thinking it wouldn't
>make sense to authenticate to myself. Could you point me to an attack scenario
>where not having a MAC in this scheme is bad?

Actually, I cannot. Well, that data could be forged by an adversary,
because it is either lying on the disk or shared via some remote host
through the network. If you decrypt that altered data (without
authentication), then you will get some garbage that is presumably
entered directly into the form or some kind of X11 buffer, for example. It
would just be nice to return a bad exit code if the integrity of the
deciphered text is bad, rather than process deciphered garbage.

I agree that adding a MAC would not hurt. It is cheaper to add it than
to try to think through all possible attacks. Moreover, some libraries (for
example https://godoc.org/golang.org/x/crypto/chacha20poly1305) simply
do not allow creating unauthenticated ciphertext at all, for good
reason.

-- 
Sergey Matveev (http://www.stargrave.org/)
OpenPGP: CF60 E89A 5923 1E76 E263  6422 AE1A 8109 E498 57EF
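The behaviour discussed in the message above, as an added example that is not code from the thread or from either poster: an unauthenticated stream cipher silently turns a tampered ciphertext into garbage, while an AEAD rejects it before returning any plaintext. AES-CTR stands in for the unauthenticated scheme and AES-GCM for chacha20poly1305, because both live in Go's standard library and AES-GCM returns the same cipher.AEAD interface that chacha20poly1305.New does; the key and the message are constructed for the demo.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Constructed demo key (AES-256); a real tool would derive it from a passphrase or keyfile.
var demoKey = bytes.Repeat([]byte{0x42}, 32)

// ctrEncrypt is the unauthenticated scheme: AES-CTR, output is iv||ciphertext.
func ctrEncrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCTR(block, iv).XORKeyStream(ct, plaintext)
	return append(iv, ct...), nil
}

// ctrDecrypt cannot tell altered ciphertext from genuine: it always "succeeds",
// and a flipped ciphertext bit becomes a flipped plaintext bit.
func ctrDecrypt(key, data []byte) ([]byte, error) {
	if len(data) < aes.BlockSize {
		return nil, errors.New("ciphertext too short")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	iv, ct := data[:aes.BlockSize], data[aes.BlockSize:]
	pt := make([]byte, len(ct))
	cipher.NewCTR(block, iv).XORKeyStream(pt, ct)
	return pt, nil
}

// newAEAD returns AES-GCM; chacha20poly1305.New(key) would return the same cipher.AEAD.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// aeadSeal output is nonce||ciphertext||tag; there is no API to omit the tag.
func aeadSeal(key, plaintext []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, nil), nil
}

// aeadOpen verifies the tag first and returns an error, not garbage, on any change.
func aeadOpen(key, data []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	if len(data) < aead.NonceSize()+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ct := data[:aead.NonceSize()], data[aead.NonceSize():]
	return aead.Open(nil, nonce, ct, nil)
}

// flipBit is the adversary's edit: a copy of data with the low bit of byte i inverted.
func flipBit(data []byte, i int) []byte {
	out := append([]byte(nil), data...)
	out[i] ^= 0x01
	return out
}

func main() {
	msg := []byte("password: hunter2") // constructed sample secret

	ct, _ := ctrEncrypt(demoKey, msg)
	garbage, err := ctrDecrypt(demoKey, flipBit(ct, len(ct)-1))
	fmt.Printf("CTR, tampered: err=%v plaintext=%q\n", err, garbage) // nil error, altered text

	sealed, _ := aeadSeal(demoKey, msg)
	_, err = aeadOpen(demoKey, flipBit(sealed, len(sealed)-1))
	fmt.Printf("GCM, tampered: err=%v\n", err) // authentication error, nothing to paste anywhere
}
```

A tool that wraps aeadOpen only has to propagate that error to a non-zero exit status to get the behaviour asked for in the message: nothing reaches the form or the X11 buffer unless the tag checks out.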

Received on Sat Mar 10 2018 - 19:41:33 CET

This archive was generated by hypermail 2.3.0 : Sat Mar 10 2018 - 19:48:21 CET