Chosen CipherText Vulnerability
Thu Oct 10 08:55:32 2002
I am still struggling with the paper co-authored by Bruce Schneier,
others, of "Implementation of Chosen-Ciphertext Attacks against PGP and
I have concluded that a key part of the vulnerability lies in the
being snookered into sending back to "Mallory" the garbled decrypted
a quote. If one never sends back the decrypted text but a secure-hash
decrypted text instead wouldn't this defeat this type of attack?
I propose the following rules to increase security when using GnuPG:
1. Never send back a decryption of anything to anybody, esp. if it is
back to a specific ciphertext.
2. Always have 2 different public keys, one for signing and one for
(and never swap their roles)
3. Never sign messages, only secure hashes of messages. (I think GnuPG
Would appreciate some discussion of this, or opinions, on whether or
proposals are sound.
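The condition the post describes, a recipient whose software decrypts an altered ciphertext to garbage without complaint, is easy to see in code. The following is an added example, not part of the original post and not GnuPG code; it assumes the message is encrypted in CFB mode (the mode the cited paper concerns), stands in HMAC-SHA256 for the block cipher's forward direction so it runs with only the standard library, and uses fixed constructed keys and IV. It contrasts a receiver with no integrity check, which returns some plaintext for any input, with an encrypt-then-MAC receiver that refuses tampered input before any decrypted bytes exist to be quoted back.

```python
import hashlib
import hmac

BLOCK = 16  # feedback register / block size in bytes


def _block_fn(key: bytes, block: bytes) -> bytes:
    """Forward-only block function standing in for a block cipher.

    CFB mode only ever runs the cipher in the encrypt direction on the
    feedback register, so any keyed pseudorandom function fits structurally.
    HMAC-SHA256 truncated to BLOCK bytes is a constructed substitute chosen
    so the example needs no third-party library; it is not AES.
    """
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    assert len(iv) == BLOCK
    out = bytearray()
    register = iv
    for i in range(0, len(plaintext), BLOCK):
        chunk = plaintext[i:i + BLOCK]
        keystream = _block_fn(key, register)
        cipher_block = bytes(p ^ k for p, k in zip(chunk, keystream))
        out += cipher_block
        register = cipher_block  # full-block CFB feeds the ciphertext back
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    assert len(iv) == BLOCK
    out = bytearray()
    register = iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        keystream = _block_fn(key, register)
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        register = chunk  # whatever ciphertext arrived drives the next block
    return bytes(out)


def unauthenticated_open(key: bytes, message: bytes) -> bytes:
    """Decrypt iv||ciphertext with no integrity check.

    Any input "succeeds" and yields some plaintext, which is exactly the
    condition that lets garbled output be sent back to whoever altered it.
    """
    iv, ct = message[:BLOCK], message[BLOCK:]
    return cfb_decrypt(key, iv, ct)


def authenticated_seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: iv || cfb(plaintext) || HMAC over both."""
    body = iv + cfb_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, body, hashlib.sha256).digest()
    return body + tag


def authenticated_open(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag first; no decryption happens for a modified message."""
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: refusing to decrypt")
    return cfb_decrypt(enc_key, body[:BLOCK], body[BLOCK:])


def flip_byte(message: bytes, index: int, mask: int = 0x01) -> bytes:
    """Models a message modified in transit; used only to exercise the receivers."""
    tampered = bytearray(message)
    tampered[index] ^= mask
    return bytes(tampered)


# Constructed, fixed test values so the run is reproducible; real code draws
# keys from os.urandom() and uses a fresh IV per message.
ENC_KEY = b"example-enc-key-0000000000000000"
MAC_KEY = b"example-mac-key-0000000000000000"
IV = b"\x00" * BLOCK
PLAINTEXT = b"Meeting moved to Friday 10:00. Bring the signed contract copies."


def demo_unauthenticated():
    """Returns (original, what the unchecked receiver decrypts from a tampered copy)."""
    message = IV + cfb_encrypt(ENC_KEY, IV, PLAINTEXT)
    garbled = unauthenticated_open(ENC_KEY, flip_byte(message, BLOCK + 20))
    return PLAINTEXT, garbled


def demo_authenticated() -> bool:
    """True when the MAC-checking receiver rejects the same tampered copy."""
    message = authenticated_seal(ENC_KEY, MAC_KEY, IV, PLAINTEXT)
    try:
        authenticated_open(ENC_KEY, MAC_KEY, flip_byte(message, BLOCK + 20))
        return False  # tampering went unnoticed
    except ValueError:
        return True  # tampering detected; nothing decrypted, nothing to quote back


if __name__ == "__main__":
    original, garbled = demo_unauthenticated()
    print("unauthenticated receiver returned:", garbled)
    print("tampered output differs from original:", garbled != original)
    print("authenticated receiver rejected tampered message:", demo_authenticated())
```

The unauthenticated receiver never errors: it hands a same-length, partly garbled plaintext to the user, and whatever that user does with it (quoting it in a reply included) happens outside the cryptography's control. The authenticated receiver moves the decision into the software, which is why modern OpenPGP implementations carry an integrity check (the MDC) and treat its failure as a hard error rather than displaying the output.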