filenames of encrypted attachments visible ? How hard would it be
to hide?
Ralf Hauser
ralfhauser at gmx.ch
Mon Jan 5 14:06:54 CET 2004
To my understanding,
If I send a message with attachments, the attachment filename is visible
without cryptanalysis.
Would it be hard to give the encrypted file a random name and only upon
decryption, give it back its real name?
http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
issue.
Isn't that kind of giving away information that could be easily protected -
or did I miss something?
Rgds
Ralf
Sample use case: Some investment banker uses PGP and sends around an
attachment with the name "UnfriendlyTakeoverOfListedCorpXYZ.doc.asc" - isn't
that kind of an invitation to insiders?
Sure, it wouldn't be hard to rename the file before sending, but this kind
of negligence is happening all over... and I hope applications like gpg/pgp
could eventually become fool-proof/fail-safe to this level?
More information about the Gnupg-users
mailing list