known plain-text attacks

rhkelly rhkelly at
Tue Dec 16 16:04:22 CET 2003

Johan Wevers wrote:
>>if one of those recipients wanted to crack the private key of one of the
>>other recipients, would it be helpful that the session-key is known?
> Fortunately not. Otherwise, all an atacker had to do to crack my secret key
> was creating an encrypted message to my key and his own key. 
>>does it matter which asymmetric encryption algorithm is used?
> Not if you choose one that is currently present in GnuPG (including the IDEA
> extension). They all are not vulnerable to a known-plaintext attack.

This is only true if one takes a view that the cipher in question
is 100% resistant to any kind of attack. This is a naive
assumption - history of cryptography abounds with sucessfull
attacks on ciphers that were, at the time, considered to be
attack-resistant by their users. It would also be reasonable to
postulate that if there are such attacks to any of the present
ciphers, known plaintext is likely to make a significant difference.
Protocols that provide an attacker with a known plain-text should
thus be avoided whwnever possible.

Roger K.

More information about the Gnupg-users mailing list