On Mon, Jul 30, 2012 at 10:45 AM, <ved...@nym.hush.com> wrote: > While playing around with --override-session key , have noticed > that gpg gives many different sets of error messages when trying > out different session keys. > ... CUT ...
> Borh examples give error messages identical to the first one, > except that when the first 8 real characters are used, the error > message of 'gpg: [don't know]: invalid packet (ctb=37)' is not > present, > and when the second real 4 characters are used, there is a > 'different' error message of 'gpg: [don't know]: invalid packet > (ctb=32)'. > > Anything real about the 'oracle' action in any of this ? > > > vedaal Should we be worried about "oracle" behavior on a local running application? It seems "oracle" behavior is all the rage even though it makes ZERO sense on a local machine unless there is obfuscation involved. On a local machine, you could take the data and just run the algorithms yourself. Does anyone run gpg on a server and let people send arbitrary data to it? If so, then I'd suggest that a "quiet" execution be performed that way only the exit code can be used that it's failure. -- Thomas Harning Jr. (http://about.me/harningt) Please support my wife as she runs her first marathon to raise $2,620 for St Jude Children's Hospital - http://heroes.stjude.org/jenniferharning _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
