Hi, Malleability means that an attacker who is able to modify your encrypted data can - given some partial knowledge about the plaintext - do some modification of the ciphertext that will lead to specific modifications in the plaintext. This can e.g. mean that if the attacker knows your plaintext is a tar file he knows the first bytes. Thus by some clever XOR-ing he can inject blocks into your ciphertext that he can control. All of this was the basis of the efail attack earlier this year. Ideally you don't want to use any cipher that is vulnerable to these kinds of attacks. More modern cipher modes use authenticated encryption, which means they'll detect if modifications have happened. Such modes are e.g. GCM or Poly1305. As for OpenSSL CLI vs. GnuPG, neither of them is ideal, but GnuPG is better. It uses a hash to provide some kind of authentication. It's not really an authenticated encryption mode, but it comes close. -- Hanno Böck https://hboeck.de/ mail/jabber: hanno@xxxxxxxxx GPG: FE73757FA60E4E21B937579FA5880072BBB51E42 -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
