known plain-text attacks

Neil Williams linux at
Tue Dec 16 19:07:13 CET 2003

On Tuesday 16 Dec 2003 4:04 pm, rhkelly wrote:
> Johan Wevers wrote:
> > Not if you choose one that is currently present in GnuPG (including the
> > IDEA extension). They all are not vulnerable to a known-plaintext attack.
> This is only true if one takes a view that the cipher in question
> is 100% resistant to any kind of attack. This is a naive

I know that no cipher is 100%, but if it's not vulnerable to plain text, how 
does a second vulnerability affect the first? If it's vulnerable by some 
secondary means, it doesn't mean that the first means is also vulnerable - 
otherwise all Elgamal keys would be affected by the vulnerability in 
encrypt+sign Elgamal. 

It's all a question of matching the level of protection against the perceived 
level of the threat. I don't use GnuPG to hope to attain 100% - I don't think 
anyone does - I use it because it is sufficient protection for my needs in as 
far as any software-only protection can be sufficient. I still use other 
software and non-software methods.
(If you don't lock the front door to your house, GnuPG can't protect the 
secret key on your computer!)

> assumption - history of cryptography abounds with successful
> attacks on ciphers that were, at the time, considered to be
> attack-resistant by their users. It would also be reasonable to
> postulate that if there are such attacks to any of the present
> ciphers, known plaintext is likely to make a significant difference.
> Protocols that provide an attacker with a known plain-text should
> thus be avoided whenever possible.
> Roger K.

Which means, what?

Don't use SMTP, CC/BCC + encryption?


Neil Williams

More information about the Gnupg-users mailing list