MUA option "encrypt to self" weakness in certain situations?
Malte Gell
malte.gell at gmx.de
Sun Apr 25 15:49:13 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Many MUA's or plugins allow to encrypt a message not only to the
recipient's key, but to your own key to keep the sent message secret on
your own machine.
But, can this strategy be a possible weakness? When using such an option
the message is now encrypted to 2 keys with the same session key: an
attacker can now chose which key to attack to restore the message.
Example: I have a 2048 bit ELG-E subkey and send a message to a person
whose encryption key has 4096 bit, I have enabled the MUA's "encrypt to
self" option. So the encrypted message contains the session key twice,
encrypted to 2 keys. The overall security is now limited to the shorter
key. The recipient is confident his long key protects the message to
him, but actually the "encrypt to self" option limits this protection
to the shorter key.
This could mean that if someone (=recipient) uses a long key it may be
rendered "useless" without intention if the sender has a short(er) key
and uses such an "encrypt to self" option in his MUA. Is this thought
correct?
Malte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFAi8HnGzg12gD8wBYRAlcvAJ9/7HAvEWl4lLj8njy4CE2gMi2vCQCgnjCL
lDMZSLaKikKqPgh9fyr99sk=
=z9xd
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list