Chosen CipherText Vulnerability

Newton Hammet newton@hammet.net
Thu Oct 10 08:55:32 2002


Hello All,

   I am still struggling with the paper co-authored by Bruce Schneier, among others, "Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG."

   I have concluded that a key part of the vulnerability lies in the recipient being snookered into sending back to "Mallory" the garbled decrypted text as a quote.  If one never sends back the decrypted text but a secure hash of the decrypted text instead, wouldn't this defeat this type of attack?

   I propose the following rules to increase security when using GnuPG:

1. Never send back a decryption of anything to anybody, esp. if it is tied back to a specific ciphertext.
2. Always have 2 different public keys, one for signing and one for encryption (and never swap their roles).
3. Never sign messages, only secure hashes of messages. (I think GnuPG does this by default.)

   Would appreciate some discussion of this, or opinions, on whether or not my proposals are sound.

Regards, Newton
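The failure mode the paper relies on is that an unauthenticated CFB ciphertext decrypts to garbage without any error, so the recipient has nothing to warn them before they quote the result back. The following is an added example, not code from the original post or from GnuPG itself: it uses a toy SHA-256-based forward block function in place of a real cipher (CFB only ever runs the cipher forwards), built on the Python standard library only. It shows that a single modified ciphertext byte is silently decrypted to garbled text, and that an encrypt-then-MAC integrity check rejects the modified message before any plaintext is produced. All keys, the message and the function names are constructed for illustration.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes

# Constructed sample key material and message (not from the original post).
ENC_KEY = b"enc-key-constructed-for-demo"
MAC_KEY = b"mac-key-constructed-for-demo"
MESSAGE = b"Meet at the usual place at nine. Bring the docs."  # 48 bytes = 3 blocks


def _forward_block(key: bytes, block: bytes) -> bytes:
    """Toy forward-only block function: a keyed PRF built from SHA-256.

    CFB mode only runs the block cipher in the forward direction, so this
    stands in for a real cipher such as AES. Constructed for illustration.
    """
    return hashlib.sha256(key + block).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB encryption: C_i = P_i XOR E(C_{i-1}), with C_0 = IV."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = _forward_block(key, prev)
        block = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += block
        prev = block
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """CFB decryption: P_i = C_i XOR E(C_{i-1}).

    There is no error path here: any byte string decrypts to *something*,
    which is exactly why the recipient sees garbage rather than a failure.
    """
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        block = ciphertext[i:i + BLOCK]
        keystream = _forward_block(key, prev)
        out += bytes(c ^ k for c, k in zip(block, keystream))
        prev = block
    return bytes(out)


def seal(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: the HMAC tag covers both the IV and the ciphertext."""
    ct = cfb_encrypt(enc_key, iv, plaintext)
    tag = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    return iv + ct + tag


def open_sealed(enc_key: bytes, mac_key: bytes, message: bytes) -> bytes:
    """Verify the tag first; refuse to decrypt rather than return garbage."""
    iv, ct, tag = message[:BLOCK], message[BLOCK:-32], message[-32:]
    expected = hmac.new(mac_key, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed: ciphertext was modified")
    return cfb_decrypt(enc_key, iv, ct)


def demo(enc_key: bytes, mac_key: bytes, iv: bytes, plaintext: bytes,
         flip_index: int = 5) -> dict:
    """Compare bare CFB with the sealed form under one modified ciphertext byte."""
    ct = cfb_encrypt(enc_key, iv, plaintext)
    modified = bytearray(ct)
    modified[flip_index] ^= 0x01            # one-bit change inside block 0
    garbled = cfb_decrypt(enc_key, iv, bytes(modified))  # no error is raised

    sealed = seal(enc_key, mac_key, iv, plaintext)
    modified_sealed = bytearray(sealed)
    modified_sealed[BLOCK + flip_index] ^= 0x01          # same change, after the IV
    try:
        open_sealed(enc_key, mac_key, bytes(modified_sealed))
        detected = False
    except ValueError:
        detected = True

    return {
        "roundtrip_ok": cfb_decrypt(enc_key, iv, ct) == plaintext,
        "garbled_differs": garbled != plaintext,
        # block 0 differs in exactly one byte, block 1 is scrambled, block 2 is intact
        "garbled_bytes": sum(a != b for a, b in zip(garbled, plaintext)),
        "tail_intact": garbled[2 * BLOCK:] == plaintext[2 * BLOCK:],
        "sealed_roundtrip_ok": open_sealed(enc_key, mac_key, sealed) == plaintext,
        "tamper_detected": detected,
    }


if __name__ == "__main__":
    for name, value in demo(ENC_KEY, MAC_KEY, os.urandom(BLOCK), MESSAGE).items():
        print(f"{name}: {value}")
```

The point of the side-by-side is that the bare CFB decryption returns a plausible-looking byte string with part of the message intact and no indication that anything is wrong, whereas the sealed form fails closed: the recipient gets an error, not text they might quote.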