simultaneous symmetric and public key encryption ?

David Shaw
Thu Dec 19 19:04:47 2002

On Thu, Dec 19, 2002 at 08:08:30AM -0800, wrote:

> On Wed, 18 Dec 2002 20:05:18 -0800 David Shaw <> wrote:
> >> would having the possibility of simultaneously encrypting
> >> symmetrically and to a public key, allow for a vulnerability in
> >> being able to crack the passphrase for the symmetric encryption?
> >
> >The encryption is just as secure as it always is, but there is still 
> >a
> >security implication of doing this as it is easier to attack the
> >message because all you need to do is guess passphrases.  Attacking
> >the message with public key cryptography requires that the attacker
> >somehow steal your secret key *and* guess the passphrase.
> but wouldn't it then be 'easier' for the person to whose key it is
> simultaneously encrypted, to crack the passphrase used for the
> symmetric encryption?
> assume a message is encrypted to Alice's public key, and simultanoeusly
> also symmetrically encrypted to Bob.
> Alice has the plaintext, the ciphertext, and the session key for the message.
> would that make it easier to solve for 
> [session key hashed with passphrase]
> than if the session key were not known?

It doesn't work that way when mixing symmetric and public-key
encryption.  The passphrase+s2k+hash is used to decrypt the existing
session key, and is not the session key itself.

In general, this comes down to the "how secure is your passphrase"
question.  Alice has the same ability as any random person in deriving
Bob's passphrase.


   David Shaw  |  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson