feature request

Robert J. Hansen rjh at sixdemonbag.org
Fri Sep 28 19:26:53 CEST 2007


I am not a GnuPG developer; they may disagree with me or outright say
"hey, sure, we'll support it".  That said, I think that what I'm saying
here is in rough accordance with their vision of the GnuPG project.  If
I am wrong, I'm sure they'll correct me.  :)

Mark E. Wunderlich wrote:
> I would like gpg to be able, when using symmetric ciphers, to produce
>  `anonymous' output -- that is, output such that one cannot be sure
> that gpg produced it, or that a given passphrase does not
> successfully decode it.

This means going beyond the OpenPGP spec.  OpenPGP has a very specific
format for symmetrically encrypted documents.  If you want something
that is not OpenPGP-conformant, you probably need to go elsewhere.

> I would like to be able to do this so that, for example, I could run
> gpg repeatedly, and someone who was decoding the data would not know
> whether he was on the right track.

Unless you're encrypting large blocks of random noise, I don't see how
this is possible.  Even if GnuPG itself doesn't tell me "nope, that key
didn't decrypt the message successfully," I could figure it out myself
from how the output is statistically indistinguishable from random noise.

See, e.g.: http://www.schneier.com/crypto-gram-9812.html#plaintext

> I also might want to combine gpg with another approach, e.g., XOR-ing
> the target file against another file.

Unless you have a graduate degree in mathematics and a background in
breaking ciphers, this is probably a spectacularly bad idea.  Cipher
design is a fabulously black art; even the acknowledged geniuses of the
field screw it up more often than not.

Anyone can make a cipher they themselves cannot break.  It requires a
great deal of study and trial and error and just blind luck to make a
cipher that nobody can break.

> Again, the idea would be that `anonymizing' gpg's output would make
> it more difficult for someone to untangle such combined approaches

Yes, because double ROT-13 is more difficult to read than single ROT-13.

There is a very large corpus of knowledge about cipher composition;
which ways tend to increase the strength of a system, and which only
diminish it.  It is far, far, far easier to diminish the strength of a
system.  The likelihood of an ad-hoc method improving overall security
is vanishingly small.  Almost zero.

> the general idea is that the ability to produce `anonymous' output
> would make gpg a more flexible part of a larger toolkit.

GnuPG is not 'part of a larger toolkit'.

GnuPG and its associated libraries provide an implementation of RFC 2440
and are slowly growing to cover a couple of other RFCs (S/MIME, etc.).
That's all, nothing else.
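Two of the points above can be shown concretely: an OpenPGP symmetrically encrypted message announces itself through its packet headers (RFC 4880, section 4.2), and a decryption attempt can be judged right or wrong with no help from gpg at all, because real plaintext is statistically far from uniform random bytes. The following is an added example written for this page; it is not code from the post or from GnuPG. The SKESK header bytes are hand-built from the RFC layout rather than captured from gpg, the English text and the seeded PRNG bytes are constructed stand-ins for a correct and an incorrect decryption, and the chi-square threshold of 400 is an assumption chosen from the statistic's distribution.

```python
"""
Added example (not from the post or GnuPG):
 1. recognise an OpenPGP symmetrically encrypted message from its packet
    header, so the output is never 'anonymous';
 2. tell a correct decryption from a wrong one purely from the statistics
    of the candidate plaintext.
"""
import math
import random
from collections import Counter

# --- 1. OpenPGP packet-header recognition --------------------------------

# Packet tags from RFC 4880 section 4.3 (only those relevant here).
PACKET_TAGS = {
    1: "Public-Key Encrypted Session Key",
    3: "Symmetric-Key Encrypted Session Key",
    9: "Symmetrically Encrypted Data",
    18: "Sym. Encrypted and Integrity Protected Data",
}

# Constructed sample (hand-built, not captured from gpg): old-format header
# for a tag-3 (SKESK) packet with a one-byte length (0x8C = 1 0 0011 00),
# body of 13 bytes: version 4, AES-256 (algo 9), S2K type 3 (iterated and
# salted), SHA-1 (hash 2), an 8-byte zero salt and count octet 0x60.
SKESK_SAMPLE = bytes([0x8C, 0x0D, 0x04, 0x09, 0x03, 0x02]) + bytes(8) + bytes([0x60])

def openpgp_packet_tag(data: bytes):
    """Return (tag, new_format) for the first packet header in `data`,
    or None if the first byte cannot be an OpenPGP packet header
    (bit 7 is always set in a packet header)."""
    if not data or not (data[0] & 0x80):
        return None
    first = data[0]
    if first & 0x40:                   # new-format header: tag in low 6 bits
        return first & 0x3F, True
    return (first >> 2) & 0x0F, False  # old-format header: tag in bits 2..5

def is_openpgp_symmetric_message(data: bytes) -> bool:
    """A `gpg -c` message starts with an SKESK packet (tag 3); that header
    alone identifies the producer as an OpenPGP implementation."""
    parsed = openpgp_packet_tag(data)
    return parsed is not None and parsed[0] == 3

# --- 2. Telling a correct decryption from a wrong one ---------------------

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniform random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def chi_square_uniform(data: bytes) -> float:
    """Chi-square statistic of the byte histogram against the uniform
    distribution. For random bytes it sits near 255 (its degrees of
    freedom); for text or any structured format it is far larger."""
    n = len(data)
    expected = n / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))

def looks_like_plaintext(candidate: bytes, threshold: float = 400.0) -> bool:
    """Decide whether a decryption attempt produced structured data.
    The threshold is an assumption: 400 is more than six standard
    deviations (about 22.6) above the mean of a chi-square with 255
    degrees of freedom, so genuinely random bytes essentially never exceed it."""
    return chi_square_uniform(candidate) > threshold

# Constructed samples: a short English passage standing in for the real
# plaintext, and seeded PRNG bytes standing in for what a wrong passphrase
# yields (a good cipher decrypted under a wrong key looks random to this
# test, so a PRNG is an honest stand-in).
PLAINTEXT_SAMPLE = (
    b"Anyone can make a cipher they themselves cannot break. It requires "
    b"a great deal of study and trial and error to make one nobody can. "
) * 5
_rng = random.Random(42)
WRONG_KEY_SAMPLE = bytes(_rng.getrandbits(8) for _ in range(4096))

def rank_candidates(candidates: dict) -> list:
    """Order decryption attempts by how far from random they are, highest
    first: the top entry is the one an attacker knows to pursue."""
    return sorted(candidates, key=lambda k: chi_square_uniform(candidates[k]), reverse=True)

if __name__ == "__main__":
    tag, _ = openpgp_packet_tag(SKESK_SAMPLE)
    print("first packet:", PACKET_TAGS.get(tag, tag),
          "-> OpenPGP symmetric message:", is_openpgp_symmetric_message(SKESK_SAMPLE))
    for name, blob in {"right key": PLAINTEXT_SAMPLE, "wrong key": WRONG_KEY_SAMPLE}.items():
        print(f"{name:>9}: entropy={byte_entropy(blob):.2f} bits/byte, "
              f"chi2={chi_square_uniform(blob):.0f}, plaintext={looks_like_plaintext(blob)}")
```

The header check shows why the output cannot be made deniable as "not OpenPGP" without leaving the format; the chi-square ranking shows why, even if gpg reported nothing at all, a brute-forcer running candidate passphrases would spot the right one from the output alone, unless the plaintext itself were already random.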
