simultaneous symmetric and public key encryption ?

David Shaw
Thu Dec 19 05:07:10 2002

On Wed, Dec 18, 2002 at 09:00:57AM -0800, wrote:
> is it possible to symmetrically encrypt to one person, and at the
> same time encrypt the session key to another person's public key?

The spec supports this in theory, but GnuPG (or PGP, for that matter)
does not yet.

> would having the possibility of simultaneously encrypting
> symmetrically and to a public key, allow for a vulnerability in
> being able to crack the passphrase for the symmetric encryption?

The encryption is just as secure as it always is, but there is still a
security implication of doing this as it is easier to attack the
message because all you need to do is guess passphrases.  Attacking
the message with public key cryptography requires that the attacker
somehow steal your secret key *and* guess the passphrase.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson