Quote from: Guru on July 23, 2012, 04:49 amQuote from: nomodeset on July 22, 2012, 11:30 amOk, the simplest forms of attack seem impossible. Just wondering if any type of attack described here:http://www.cs.umd.edu/~jkatz/papers/pgp-attack.pdfis still actual.From the article you cited:  On the other hand, compression done by the encryption software itself (whenan uncompressed le is sent) causes the attack to fail. In the case of GnuPG(when compression is used), the attack fails only due to the presence ofa message integrity check which is not explicitly required2 as part of theOpenPGP specication [3]. Without the integrity check, the attack succeeds100% of the time.From RFC 4880: 5.13. Sym. Encrypted Integrity Protected Data Packet (Tag 18) The Symmetrically Encrypted Integrity Protected Data packet is a variant of the Symmetrically Encrypted Data packet. It is a new feature created for OpenPGP that addresses the problem of detecting a modification to encrypted data. It is used in combination with a Modification Detection Code packet. I would say that compliance with RFC 4880 has eliminated the possibility of a successful attack as described in the paper you quoted. Ah, I knew I should've checked to see if you'd responded before I replied to nomodeset. I was also too slack to trawl through the current RFC for the relevant bit.