known plain-text attacks
rhkelly
rhkelly at myrealbox.com
Tue Dec 16 16:04:22 CET 2003
Johan Wevers wrote:
>>if one of those recipients wanted to crack the private key of one of the
>>other recipients, would it be helpful that the session-key is known?
>
>
> Fortunately not. Otherwise, all an attacker had to do to crack my secret key
> was creating an encrypted message to my key and his own key.
>
>>does it matter which asymmetric encryption algorithm is used?
>
> Not if you choose one that is currently present in GnuPG (including the IDEA
> extension). They all are not vulnerable to a known-plaintext attack.
This is only true if one takes a view that the cipher in question
is 100% resistant to any kind of attack. This is a naive
assumption - history of cryptography abounds with successful
attacks on ciphers that were, at the time, considered to be
attack-resistant by their users. It would also be reasonable to
postulate that if there are such attacks to any of the present
ciphers, known plaintext is likely to make a significant difference.
Protocols that provide an attacker with a known plain-text should
thus be avoided whenever possible.
Roger K.