known plain-text attacks

vedaal at vedaal at
Tue Dec 16 13:56:14 CET 2003

>Message: 2
>Date: Mon, 15 Dec 2003 23:50:09 -0800 (PST)
>From: Atom 'Smasher' <atom-gpg at>
>Subject: known plain-text attacks


>if two or more recipients are specified in an encrypted message,
> they all
>share a single symmetric session-key, which is asymmetrically encrypted
>using each of their public keys.... (as i understand it)
>if one of those recipients wanted to crack the private key of one
>of the
>other recipients, would it be helpful that the session-key is known?


>that facilitate a known plain-text attack? does it matter which
>encryption algorithm is used?


>are the algorithms vulnerable to this? does the implementation makes
>attack unlikely?

not vulnerable,
attack unlikely

the basis for the attack using a session key as known plaintext,

is trying to solve the following problem:

given the public key, the plaintext(session key in this example), 
the ciphertext (packet of session key encrypted to public key),

can the private key be found ?

this has been well studied,
and cannot be done,
even using plaintexts of only one character,
and no salt or padding,
and getting repeated ciphertexts, encrypted asymmetrically directly to
the public key,

the private key still can't be recovered 
(for either the rsa or dh algorithm)

(but it is a very reasonable question,
and i still haven't seen the 'proof' that it *can't* be done,
only many assurances that it has been tried repeaedly without success.)


Concerned about your privacy? Follow this link to get
FREE encrypted email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

More information about the Gnupg-users mailing list