Re:Question: is the compression really a fix? (Score 1)

Compression makes the attack very difficult to perform, because PGP does not output anything for the attacker to use if decompression fails. Basically, the compression problem is as follows : Is there some way to insert random data into a compressed message and ensure that the decompressor will not choke on it and die ? If so, the attack would become workable even with compression enabled. It actually does work, on the off chance that the random data does not mess up the decompressor - that only seems to happen when the message is very very short though.