Security Implications
Ingo Klöcker
ingo.kloecker@epost.de
Sat Dec 15 17:01:01 2001
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 14 December 2001 16:33, Steve Butler wrote:
> Originally I was concerned that if someone intercepted all the files
> it might make my secret key easier to crack. But after thinking
> through the process I realized that my secret/public key isn't
> exposed at all unless I sign the data.
Only people who can encrypt the message can get your signature because
messages which are signed and encrypted are first signed and then the
signed message is encrypted together with the signature.
> However, I am concerned that having the same file encrypted by
> multiple session keys might make it slightly more likely for someone,
> who managed to intercept all the files, to recover the original text.
> Having it encrypted with a single session key would reduce that
> possibility. But I'm not sure that the difference in exposure is all
> that great.
It's not that great. It would reduce the average time needed to crack
the session key approximately by the amount of recipients (if for each
recipient another computer is used). But it really doesn't matter if it
takes someone 1 billion years or 100 million years in average to crack
the session key.
> If it is, then I may have to rethink my approach to sending the same
> data files to multiple recipients. Right now it is easier to take
> approach #1 which has the advantage that nobody knows who the other
> recipients are.
Regards,
Ingo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE8G2qWGnR+RTDgudgRAkt8AJ9UtsoZqbm/f/y0JZ7fHRVcQsPmogCgqj6u
32Rxi3wxmEOdVCdBxV24aMo=
=6Ky5
-----END PGP SIGNATURE-----