Chosen CipherText Vulnerability

Newton Hammet
Thu Oct 10 08:55:32 2002

Hello All,

   I am still struggling with the paper co-authored by Bruce Schneier and others, "Implementation of Chosen-Ciphertext Attacks against PGP and

   I have concluded that a key part of the vulnerability lies in the being snookered into sending back to "Mallory" the garbled decrypted text as a quote. If one never sends back the decrypted text but a secure hash of the decrypted text instead, wouldn't this defeat this type of attack?

   I propose the following rules to increase security when using GnuPG:

1. Never send back a decryption of anything to anybody, esp. if it is back to a specific ciphertext.
2. Always have 2 different public keys, one for signing and one for (and never swap their roles).
3. Never sign messages, only secure hashes of messages. (I think GnuPG does this by default.)

   Would appreciate some discussion of this, or opinions, on whether or not my proposals are sound.

Regards, Newton
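The attack the poster describes only works because a modified ciphertext still decrypts to something, and that something is shown to the user who may then quote it. The following is an added illustration, not code from the post or from GnuPG: it models an unauthenticated stream/CFB-style decryption that releases garbled plaintext after tampering, next to an authenticated decryption that checks an integrity tag first and releases nothing, so there is no garbage to quote back. The keystream (HMAC-SHA256 in counter mode) and the HMAC tag are constructed stand-ins for a real cipher and for OpenPGP's own integrity protection.

```python
import hmac
import hashlib
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Constructed stand-in keystream (HMAC-SHA256 in counter mode). It is
    # not a real cipher; it only models the bit-level malleability of an
    # unauthenticated stream/CFB mode, where a flipped ciphertext bit
    # flips the same plaintext bit.
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(4, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes):
    # Returns (nonce, ciphertext, tag); the tag covers nonce and ciphertext.
    nonce = os.urandom(12)
    ct = bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce, ct, tag


def decrypt_unauthenticated(key: bytes, nonce: bytes, ct: bytes) -> bytes:
    # Model of the behaviour the paper relies on: any ciphertext decrypts
    # to *something*, and that something reaches the user.
    return bytes(c ^ k for c, k in zip(ct, keystream(key, nonce, len(ct))))


def decrypt_authenticated(key: bytes, nonce: bytes, ct: bytes, tag: bytes):
    # Verify the integrity tag before releasing any plaintext. A tampered
    # message yields None, so no garbled text exists to be quoted back.
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return decrypt_unauthenticated(key, nonce, ct)


def corrupt_first_byte(ct: bytes) -> bytes:
    # Simulates a ciphertext modified in transit: one bit of byte 0 flipped.
    return bytes([ct[0] ^ 0x01]) + ct[1:]


if __name__ == "__main__":
    key = os.urandom(32)
    nonce, ct, tag = encrypt(key, b"meet at noon")
    bad = corrupt_first_byte(ct)
    print("unauthenticated:", decrypt_unauthenticated(key, nonce, bad))
    print("authenticated:  ", decrypt_authenticated(key, nonce, bad, tag))
```

With the unauthenticated path the tampered message decrypts to near-plaintext garbage that a mail client would happily display; with the authenticated path the user only ever sees a rejection.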