Fri Dec 14 01:22:01 2001
Content-Type: text/plain; charset=iso-8859-1
On Fri, Dec 14, 2001 at 01:02:06AM +0100, Ingo Kl=F6cker wrote:
> On Wednesday 12 December 2001 20:53, Steve Butler wrote:
> > > A thought question for the crypto-analysts.
> > >
> > > Given the same file is being encrypted for two (or more) recipients
> > > all having separate public keys on my keyring. Presume that I will
> > > FTP the encrypted file to each recipient's inbound FTP site.
> > > Ignoring the work overhead on my computer, which provides better
> > > overall security and immunity to decrypting attacks:
> > >
> > > 1. Encrypt the file to each recipient individually and FTP each
> > > encrypted file to the appropriate recipient. (encrypt many)
> > >
> > > 2. Encrypt the file for all recipients and FTP the one encrypted
> > > file to each recipient's FTP site. (encrypt once with many
> > > recipients)
> It doesn't matter. In the second scenario the session key is encrypted=20
> with all the recipients' keys. Therefore the probability to find a key=20
> to decrypt the session key is slightly higher. But as it's much more=20
> time consuming to find the secret key corresponding to a public key=20
> than to simply find the session key (by brute force) nobody would ever=20
> try to crack the asymmetrically encrypted session key but would crack=20
> the symmetrically encrypted message itself instead.
> The only advantage of individually encrypted files is that the=20
> recipients then don't know to whom else you sent an encrypted version=20
> of this file.
You can use --throw-keyid to allow you to encrypt once to many
recipients without saying who they are. The recipients must also have
an OpenPGP implementation like GnuPG that understands speculative
David Shaw | firstname.lastname@example.org | WWW http://www.jabberwocky.com/
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6c-cvs (GNU/Linux)
-----END PGP SIGNATURE-----