[Announce] Attack against OpenPGP encryption

Malte Gell malte.gell at gmx.de
Fri Feb 11 17:23:48 CET 2005

On Friday 11 February 2005 02:00, David Shaw wrote:
> Last night, Serge Mister and Robert Zuccherato published a paper
> reporting on an attack against OpenPGP symmetric encryption.
> [...]
> There is a very good writeup on the attack that goes into more depth
> at http://www.pgp.com/library/ctocorner/openpgp.html

This is really amazing stuff. I just read their PDF and they make a 
suggestion how a new kind of "quick check" could like like: adding the 
hash of the symmetric key... I'm not a cryptologist, but this sounds 
absolutely crazy, this would mean in the future the security of 
symmetric encryption relies not only on the cipher, but on a hash 
algorithm... regarding the recent discussions and rumours about hash 
algorithms in general, is this really safer!?
Are there several different ideas what the new "quick check" could look 
like or is there even already a consesus what it could look like?


More information about the Gnupg-users mailing list