Infere key frm plaintext and exncrypted version?
Gates, Scott
SGates@olbh.com
Fri Aug 29 20:16:01 2003
GPG & PGP are resistant to a 'plaintext' attack because the TEXT is
encrypted with a randomized session key, unique to that message. So, if =
the
session key is compromised, it'll never be used again anyway. This =
makes it
*similar* to the only mathematically proven encryption scheme, the =
"one-time
pad". Also, if the attacker has both plaintext and encrypted text at =
this
time, discovering the session key is kind of a useless mathematical
excersize--and you have OTHER problems with security, anyway. =20
The SESSION key is encrypted with the recipient's public key To find =
his
secret key from that, the attacker would have to be able to factor the
product of two REALLY large primes. Unless new factoring algorithms are
devised, it would be faster and more cost efficient to go find the =
sender or
intended recipient and beat the info out of him. (This is a possibility
covered in Phil Zimmermann's book about PGP. As I recall, he claimed =
PGP
couldn't protect the information from being beaten out of the sender or
receiver. I suppose EVERY algorithm has its shortcomings.)
-----Original Message-----
From: Ruediger Kupper [mailto:Ruediger.Kupper@honda-ri.de]=20
Sent: Friday, August 29, 2003 9:59 AM
To: gnupg-users@gnupg.org
Subject: Infere key frm plaintext and exncrypted version?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello,
you probably heard this question before on this list, but please allow =
me to
ask again:
If someone manages to get his hands on the plain as well as
the encrypted version of the same text, does this enable him
to infere the encryption key?
And if so, does this refer to the session key only, or will
it compromise the whole PGP key?
Thanks for your expertise,
Best regards,
R=FCdiger Kupper
- --
R=FCdiger Kupper
Honda Research Institute Europe GmbH
Carl-Legien-Stra=DFe 30
D-63073 Offenbach/Main, Germany
Phone : +049 (0)69-890 11-725
Fax : +049 (0)69-890 11-749
E-Mail: Ruediger.Kupper@Honda-RI.de
PGP ID: C2303358
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQE/T1wUArljR8IwM1gRAimpAKDXajTK6HYxbag24z5b22Ff50TFigCgzmib
Pvfg0+lsmwL94v2uQs/9+4w=3D
=3Dw8PU
-----END PGP SIGNATURE-----
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org =
http://lists.gnupg.org/mailman/listinfo/gnupg-users