MUA option "encrypt to self" weakness in certain situations?
malte.gell at gmx.de
Sun Apr 25 15:49:13 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Many MUA's or plugins allow to encrypt a message not only to the
recipient's key, but to your own key to keep the sent message secret on
your own machine.
But, can this strategy be a possible weakness? When using such an option
the message is now encrypted to 2 keys with the same session key: an
attacker can now chose which key to attack to restore the message.
Example: I have a 2048 bit ELG-E subkey and send a message to a person
whose encryption key has 4096 bit, I have enabled the MUA's "encrypt to
self" option. So the encrypted message contains the session key twice,
encrypted to 2 keys. The overall security is now limited to the shorter
key. The recipient is confident his long key protects the message to
him, but actually the "encrypt to self" option limits this protection
to the shorter key.
This could mean that if someone (=recipient) uses a long key it may be
rendered "useless" without intention if the sender has a short(er) key
and uses such an "encrypt to self" option in his MUA. Is this thought
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the Gnupg-users