Security Implications

David Shaw
Fri Dec 14 01:22:01 2001


On Fri, Dec 14, 2001 at 01:02:06AM +0100, Ingo Klöcker wrote:

> On Wednesday 12 December 2001 20:53, Steve Butler wrote:
> > > A thought question for the crypto-analysts.
> > >
> > > Given the same file is being encrypted for two (or more) recipients
> > > all having separate public keys on my keyring.  Presume that I will
> > > FTP the encrypted file to each recipient's inbound FTP site.
> > > Ignoring the work overhead on my computer, which provides better
> > > overall security and immunity to decrypting attacks:
> > >
> > > 1.  Encrypt the file to each recipient individually and FTP each
> > > encrypted file to the appropriate recipient.  (encrypt many)
> > >
> > > 2.  Encrypt the file for all recipients and FTP the one encrypted
> > > file to each recipient's FTP site. (encrypt once with many
> > > recipients)
> It doesn't matter. In the second scenario the session key is encrypted
> with all the recipients' keys. Therefore the probability to find a key
> to decrypt the session key is slightly higher. But as it's much more
> time consuming to find the secret key corresponding to a public key
> than to simply find the session key (by brute force) nobody would ever
> try to crack the asymmetrically encrypted session key but would crack
> the symmetrically encrypted message itself instead.
> The only advantage of individually encrypted files is that the
> recipients then don't know to whom else you sent an encrypted version
> of this file.

You can use --throw-keyid to allow you to encrypt once to many
recipients without saying who they are.  The recipients must also have
an OpenPGP implementation like GnuPG that understands speculative


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

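
What the thread above describes, at the packet level, as an added example (not part of the original messages and not GnuPG's code): a message encrypted once to many recipients starts with one public-key encrypted session key (PKESK) packet per recipient, each carrying that recipient's 8-byte key ID, and with --throw-keyid those key IDs are written as all zeros, which the OpenPGP specification calls a wild card or speculative key ID. The function name, the sample key IDs and the MPI bytes are constructed for illustration; input must be binary, not ASCII-armored.

```python
def recipient_key_ids(data: bytes):
    """List key IDs in the leading PKESK packets (tag 1) of a binary
    OpenPGP message; None marks a zeroed (hidden) key ID."""
    ids, i = [], 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        new_format = bool(hdr & 0x40)
        tag = hdr & 0x3F if new_format else (hdr >> 2) & 0x0F
        if tag != 1:
            break  # PKESK packets come first; the encrypted data follows
        i += 1
        if new_format:
            first = data[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(data[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial length in a PKESK packet")
        else:
            size = {0: 1, 1: 2, 2: 4}.get(hdr & 0x03)
            if size is None:
                raise ValueError("indeterminate length in a PKESK packet")
            length, i = int.from_bytes(data[i:i + size], "big"), i + size
        body = data[i:i + length]
        if len(body) < length or length < 10 or body[0] != 3:
            raise ValueError("truncated or unsupported PKESK packet")
        key_id = body[1:9]  # version byte, then the 8-byte key ID
        ids.append(None if key_id == bytes(8) else key_id.hex().upper())
        i += length
    return ids

def _sample(key_ids, new_format=False):
    """Constructed test message: PKESK packets with fake MPI bytes,
    followed by the first bytes of an encrypted data packet (tag 18)."""
    out = b""
    for kid in key_ids:
        body = bytes([3]) + bytes.fromhex(kid) + bytes([1]) + b"\x00\x08\xaa"
        out += bytes([0xC1 if new_format else 0x84, len(body)]) + body
    return out + b"\xd2\x0e\x01"

NAMED = _sample(["1111111111111111", "2222222222222222"])   # constructed IDs
THROWN = _sample(["00" * 8, "00" * 8], new_format=True)     # hidden recipients

if __name__ == "__main__":
    print(recipient_key_ids(NAMED), recipient_key_ids(THROWN))
```

The number of PKESK packets still shows how many recipients there are, even when every key ID is zeroed.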