New crypto idea implemented in gpg
vedaal@hush.com
vedaal@hush.com
Sun Mar 9 19:14:01 2003
>Message: 1
>Date: Fri, 7 Mar 2003 13:05:42 -0500 (EST)
>From: "Brent R. Waters" <bwaters@CS.Princeton.EDU>
>> Subject: Re: New crypto idea implemented in gpg
>> From: vedaal@hush.com
>I put up a page with a couple of keys at
>http://www.cs.princeton.edu/~bwaters/research/incomparable_extra/index.html
>You can also generate you own with the code. If you can find any
>leakage
>of the key's source I would be interested to hear about it.
>
>If all of the Incomparable Public Keys that were equivalent were
>signed
>with one private key this could be a problem. For this reason the
>scheme
>implemented only has an encryption part and no signatures. This
>goes a
>little against the grain of gpg, which normally expects keys to
>be signed.
>
>Let me know if you come up with anything.
there seems to be a major problem with the keys as you have designed them:
who can you get to use them?
here are the error messages when trying to import the keys you posted, to gnupg {Nullify 1.2.1 // win 98}
Alice incomparable 1
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
gpg: armor header: :public key packet:
version 4, algo 39, created 1047056173, expires 0
unknown algorithm 39
gpg: can't handle public key algorithm 39
:user ID packet: "Incomparable <inc@nowhere>"
gpg: pub 0?/B22A3560 2003-03-07 gpg: key B22A3560: skipped user ID 'gpg: key B22A3560: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1
Time: 3/9/03 12:15:59 PM (5:15:59 PM UTC)
PGPdump Results
Old: Public Key Packet(tag 6)(396 bytes)
Ver 4 - new
Public key creation time - Fri Mar 7 16:56:13 UTC 2003
Pub alg - unknown(pub 39)
Unknown public key(pub 39)
Old: User ID Packet(tag 13)(26 bytes)
User ID - Incomparable
Alice incomparable 2
gpg: armor: BEGIN PGP PUBLIC KEY BLOCK
gpg: armor header: :public key packet:
version 4, algo 39, created 1047056173, expires 0
unknown algorithm 39
gpg: can't handle public key algorithm 39
:user ID packet: "Incomparable <inc@nowhere>"
gpg: pub 0?/B22A3560 2003-03-07 gpg: key B22A3560: skipped user ID 'gpg: key B22A3560: no valid user IDs
gpg: this may be caused by a missing self-signature
gpg: Total number processed: 1
gpg: w/o user IDs: 1
Time: 3/9/03 12:21:29 PM (5:21:29 PM UTC)
PGPdump Results
Old: Public Key Packet(tag 6)(396 bytes)
Ver 4 - new
Public key creation time - Fri Mar 7 16:56:13 UTC 2003
Pub alg - unknown(pub 39)
Unknown public key(pub 39)
Old: User ID Packet(tag 13)(26 bytes)
User ID - Incomparable
private key:
gpg: armor: BEGIN PGP PRIVATE KEY BLOCK
gpg: armor header: :secret key packet:
version 4, algo 39, created 1047056173, expires 0
unknown algorithm 39
gpg: can't handle public key algorithm 39
:user ID packet: "Incomparable <inc@nowhere>"
gpg: sec 0?/B22A3560 2003-03-07 gpg: key B22A3560: secret key imported
gpg: Total number processed: 1
gpg: secret keys read: 1
gpg: secret keys imported: 1
- Secret keyring updated. -
Time: 3/9/03 12:47:38 PM (5:47:38 PM UTC)
even if you could get gnupg to ignore the missing self signature, and use the key anyway,
who would trust such a key for encrypted correspondence?
also, the fact that pgpdump does not recognize the key,
and both gnupg and pgpdump report the exact same errors for all the 'incomparable' keys,
{a rather unusual error message, not encountered when ordinarily importing a public key}
this *links* the keys to the same source
the concept you propose is interesting, and has usefulness,
but not in its present form
try re-doing it in a way that the keys can be imported and used without any special alerts, {the public keys anyway,}
and then re-posting it
my gut suspicion is that a packet link will be found when analyzing each public key thoroughly, and comparing them,
but, you never know... ;-)
good luck,
vedaal
Concerned about your privacy? Follow this link to get
FREE encrypted email: https://www.hushmail.com/?l=2
Big $$$ to be made with the HushMail Affiliate Program:
https://www.hushmail.com/about.php?subloc=affiliate&l=427