This article really seemed kinda obvious to me, but I think the subject matter is worth reading about if you have at any point used either PGP or GnuPG.Quote:
OpenPGP and GnuPG are susceptible to a chosen-cyphertext attack which would allow an adversary capable of intercepting an encrypted message to use the intended recipient as an unwitting 'decryption oracle', researchers Kahil Jallad, Jonathan Katz and Bruce Schneier report in a recent paper
The fact that it can be practically exploited is a little bothersome. I don't use PGP and GPG for home use, but at work we tend to use it quite often over internet and intranet. I vaguely recall that there was a new revision (PGP) to be released this year and I hope that part of this will become a little less likely to occur.Quote:
The authors have confirmed that the attack can be exploited practically.
My Source which seems to have gotten it's information from here.
For those interested, the paper describing this is available here.
I recommend reading the paper so you can be well informed and make good decisions on the direction you would like to continue on in as it pertains to your encryption measures.
Happy reading and regards.
