[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Duplicity-talk] Stream Vulnerability

From: edgar . soldin
Subject: Re: [Duplicity-talk] Stream Vulnerability
Date: Sun, 31 Aug 2014 13:56:31 +0200
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.0

On 29.08.2014 23:30, Jonathan Brown wrote:
> Could anyone tell me if Duplicity is vulnerable to stream encryption 
> vulnerabilities utilizing GPG? This blog post talks about issues affecting 
> encryption that uses GPG and I would like to know if there is any reason to 
> be concerned. Thanks
> https://www.imperialviolet.org/2014/06/27/streamingencryption.html 
> <mailto:address@hidden>

it's unclear to me how an attacker might use this vulnerability in case of 
duplicity. can you give an example?

generally duplicity has all flaws of gpg. volumes/files are created by piping 
them into a gpg process and using the resulting encrypted files.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]