Observe in the manpage that catcrypt prevents file truncation by securely

author mdw <mdw>

Mon, 4 Oct 2004 08:16:38 +0000 (08:16 +0000)

committer mdw <mdw>

Mon, 4 Oct 2004 08:16:38 +0000 (08:16 +0000)
author mdw <mdw>
Mon, 4 Oct 2004 08:16:38 +0000 (08:16 +0000)
committer mdw <mdw>
Mon, 4 Oct 2004 08:16:38 +0000 (08:16 +0000)
diff --git a/catcrypt.1 b/catcrypt.1

index 603d1d1..e38f441 100644 (file)
--- a/catcrypt.1
+++ b/catcrypt.1
@@ -664,7 +664,12 @@ packet doesn't contain the signed message, just the signature.
  .hP 5.
  Split the message into blocks.  For each block, pick a random IV from
  the keystream, encrypt the block and emit a packet containing the
-IV, ciphertext and a MAC tag.
+IV, ciphertext, and a MAC tag over the ciphertext and a sequence number.
+.hP 6.
+The last chunk is the encryption of an empty plaintext block.  No
+previous plaintext block is empty.  This lets us determine the
+difference between a complete file and one that's been maliciously
+truncated.
  .PP
  That's it.  Nothing terribly controversial, really.
  .SH "SEE ALSO"