by upofadown 1239 days ago
If someone modifies your PGP encrypted password file and you decrypt it, GPG will say:

    gpg: WARNING: encrypted message has been manipulated!
... and GPG will return a fatal error. So the meandering stuff about the malleability of PGP is not of any practical interest. The underlying cryptography that ensures the integrity here has stood the test of time (over 20 years at this point).

In another part of the article it is mentioned that an attacker can entirely replace a particular password file ("No authentication of values"), which makes the PGP malleability stuff irrelevant. So we are maximizing the number of listed issues here. Note that pass will sign the password files if configured to do so, which makes this issue go away.