|
From: | edgar . soldin |
Subject: | Re: [Duplicity-talk] Stream Vulnerability |
Date: | Sun, 31 Aug 2014 13:56:31 +0200 |
User-agent: | Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0 |
On 29.08.2014 23:30, Jonathan Brown wrote: > Could anyone tell me if Duplicity is vulnerable to stream encryption > vulnerabilities utilizing GPG? This blog post talks about issues affecting > encryption that uses GPG and I would like to know if there is any reason to > be concerned. Thanks > > https://www.imperialviolet.org/2014/06/27/streamingencryption.html > <mailto:address@hidden> > > it's unclear to me how an attacker might use this vulnerability in case of duplicity. can you give an example? generally duplicity has all flaws of gpg. volumes/files are created by piping them into a gpg process and using the resulting encrypted files. ..ede/duply.net
[Prev in Thread] | Current Thread | [Next in Thread] |