filenames of encrypted attachments visible ? How hard would it be to hide?

Ralf Hauser ralfhauser at gmx.ch
Mon Jan 5 14:06:54 CET 2004


To my understanding,

If I send a message with attachments, the attachment filename is visible
without cryptanalysis.
Would it be hard to give the encrypted file a random name and only upon
decryption, give it back its real name?

http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
issue.

Isn't that kind of giving away information that could be easily protected -
or did I miss something?

Rgds
	Ralf

Sample use case: Some investment banker uses PGP and sends around an
attachment with the name "UnfriendlyTakeoverOfListedCorpXYZ.doc.asc" - isn't
that kind of an invitation to insiders?
Sure, it wouldn't be hard to rename the file before sending, but this kind
of negligence is happening all over... and I hope applications like gpg/pgp
could eventually become fool-proof/fail-safe to this level?




More information about the Gnupg-users mailing list