MUA option "encrypt to self" weakness in certain situations?

Atom 'Smasher' atom-gpg at
Mon Apr 26 17:49:25 CEST 2004

On Sun, 25 Apr 2004, Malte Gell wrote:
> This could mean that if someone (=recipient) uses a long key it may be
> rendered "useless" without intention if the sender has a short(er) key
> and uses such an "encrypt to self" option in his MUA. Is this thought
> correct?

correct. this is the case *anytime* multiple recipients are specified, not
only the case of encrypt-to-self. if an attacker wants to know the session
key, they can attack the "weakest" public key that a message is encrypted to.

as i understand it, the public key implementation does not help an
attacker compute another private key, used in the same message.

part of the security of ANY encryption scheme depends not just on how
secure/paranoid ~you~ are, but also how secure/paranoid is the person
you're communicating with. a mistake on *their* end can cause *your*
secrets to not be secret.


 PGP key -
 3EBE 2810 30AE 601D 54B2 4A90 9C28 0BBF 3D7D 41E3

	"When one tries to rise above Nature one is
	 liable to fall below it."
		-- Sherlock Holmes (Arthur Conan Doyle)
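A way to check which public keys a given message's session key was wrapped to, and which of them is the smallest, added here as an example that is not part of the original post. It parses `gpg --list-packets` style output; the sample listing and key IDs are constructed, the 2048-bit floor is an assumed policy, and RSA sizes are estimated from the ciphertext length.

```python
import re

# Constructed sample of `gpg --list-packets` output for one message encrypted
# to two RSA recipients (key IDs are made up, not taken from the post).
SAMPLE = """\
:pubkey enc packet: version 3, algo 1, keyid AAAAAAAAAAAAAAAA
\tdata: [4095 bits]
:pubkey enc packet: version 3, algo 1, keyid BBBBBBBBBBBBBBBB
\tdata: [1022 bits]
:encrypted data packet:
\tlength: 312
"""

PKESK = re.compile(r"^:pubkey enc packet: version \d+, algo (\d+), keyid ([0-9A-Fa-f]+)")
DATA = re.compile(r"^\s+data: \[(\d+) bits\]")
RSA_ALGOS = {1, 2}  # OpenPGP public-key algorithm IDs for RSA (RFC 4880)

def recipients(listing):
    """Return [(keyid, algo, ciphertext_bits)], one per wrapped session key."""
    out, current = [], None
    for line in listing.splitlines():
        m = PKESK.match(line)
        if m:
            current = [m.group(2).upper(), int(m.group(1)), 0]
            out.append(current)
            continue
        d = DATA.match(line)
        if d and current is not None:
            current[2] = max(current[2], int(d.group(1)))
        elif line.startswith(":"):
            current = None  # a different packet type started
    return [tuple(r) for r in out]

def round_up(bits, step=256):
    # The RSA ciphertext can be a few bits shorter than the modulus, so
    # round up to estimate the key size (assumes sizes in 256-bit steps).
    return -(-bits // step) * step

def weakest_rsa(listing, floor=2048):
    """Return (keyid, est_bits, below_floor) for the smallest RSA recipient."""
    # Only RSA recipients are compared; sizes of other algorithms are not
    # directly comparable and are skipped here.
    rsa = [(round_up(b), k) for k, a, b in recipients(listing) if a in RSA_ALGOS and b]
    if not rsa:
        return None
    bits, keyid = min(rsa)
    return keyid, bits, bits < floor
```
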

