simultaneous symmetric and public key encryption ?

vedaal@hush.ai vedaal@hush.ai
Thu Dec 19 17:09:01 2002



On Wed, 18 Dec 2002 20:05:18 -0800 David Shaw <dshaw@jabberwocky.com> wrote:

>> would having the possibility of simultaneously encrypting
>> symmetrically and to a public key, allow for a vulnerability in
>> being able to crack the passphrase for the symmetric encryption?
>
>The encryption is just as secure as it always is, but there is still 
>a
>security implication of doing this as it is easier to attack the
>message because all you need to do is guess passphrases.  Attacking
>the message with public key cryptography requires that the attacker
>somehow steal your secret key *and* guess the passphrase.

but wouldn't it then be 'easier' for the person to whose key it is simultaneously encrypted, to crack the passphrase used for the symmetric encryption?

assume a message is encrypted to Alice's public key, and simultanoeusly
also symmetrically encrypted to Bob.

Alice has the plaintext, the ciphertext, and the session key for the message.

would that make it easier to solve for 
[session key hashed with passphrase]
than if the session key were not known?
{and therefore a vulnerability in communications between the sender
and Bob, if they continue with the same or similar passphrases for symmetric encryption}

or is it still insignificant enough with a 128 bit symmetric encryption,
to not make any difference?

tia,

vedaal





Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2 

Big $$$ to be made with the HushMail Affiliate Program: 
https://www.hushmail.com/about.php?subloc=affiliate&l=427