Robert J. Hansen
rjh at sixdemonbag.org
Fri Sep 28 19:26:53 CEST 2007
I am not a GnuPG developer; they may disagree with me or outright say
"hey, sure, we'll support it". That said, I think that what I'm saying
here is in rough accordance with their vision of the GnuPG project. If
I am wrong, I'm sure they'll correct me. :)
Mark E. Wunderlich wrote:
> I would like gpg to be able, when using symmetric ciphers, to produce
> `anonymous' output -- that is, output such that one cannot be sure
> that gpg produced it, or that a given passphrase does not
> successfully decode it.
This means going beyond the OpenPGP spec. OpenPGP has a very specific
format for symmetrically encrypted documents. If you want something
that is not OpenPGP-conformant, you probably need to go elsewhere.
> I would like to be able to do this so that, for example, I could run
> gpg repeatedly, and someone who was decoding the data would not know
> whether he was on the right track.
Unless you're encrypting large blocks of random noise, I don't see how
this is possible. Even if GnuPG itself doesn't tell me "nope, that key
didn't decrypt the message successfully," I could figure it out myself
from how the output is statistically indistinguishable from random noise.
See, e.g.: http://www.schneier.com/crypto-gram-9812.html#plaintext
> I also might want to combine gpg with another approach, e.g., XOR-ing
> the target file against another file.
Unless you have a graduate degree in mathematics and a background in
breaking ciphers, this is probably a spectacularly bad idea. Cipher
design is a fabulously black art; even the acknowledged geniuses of the
field screw it up more often than not.
Anyone can make a cipher they themselves cannot break. It requires a
great deal of study and trial and error and just blind luck to make a
cipher that nobody can break.
> Again, the idea would be that `anonymizing' gpg's output would make
> it more difficult for someone to untangle such combined approaches
Yes, because double ROT-13 is more difficult to read than single ROT-13.
There is a very large corpus of knowledge about cipher composition:
which ways tend to increase the strength of a system, and which only
diminish it. It is far, far, far easier to diminish the strength of a
system. The likelihood of an ad-hoc method improving overall security
is vanishingly small. Almost zero.
> the general idea is that the ability to produce `anonymous' output
> would make gpg a more flexible part of a larger toolkit.
GnuPG is not 'part of a larger toolkit'.
GnuPG and its associated libraries provide an implementation of RFC2440,
and are slowly growing to cover a couple of other RFCs (S/MIME, etc.).
That's all, nothing else.
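As an added illustration of two points made above (this is not part of the original thread and not GnuPG code), the Python below does two things: it parses the OpenPGP packet framing (RFC 2440 section 4.2) that makes gpg's symmetric output self-identifying, and it measures byte entropy to show why, even with that framing stripped, the outcome of a trial decryption is visible from the output's statistics without any error message from gpg. The SKESK sample bytes, the pseudo-random seed and the 7.0 bits-per-byte threshold are constructed for the example.

```python
"""
Why "anonymous" symmetric output would not hide anything:
(1) OpenPGP packet framing identifies the file format on its own;
(2) a wrong-passphrase result still looks like random noise, while a
    right one looks like structured data, so byte statistics separate them.
Added example; not GnuPG code.
"""
import hashlib
import math
from collections import Counter

# Packet tags relevant to symmetric encryption (RFC 2440 section 4.3;
# tag 18 is the later integrity-protected variant from RFC 4880).
TAG_NAMES = {
    3: "Symmetric-Key Encrypted Session Key",
    9: "Symmetrically Encrypted Data",
    18: "Sym. Encrypted and Integrity Protected Data",
}


def parse_packet_header(data: bytes):
    """Return (tag, body_length, header_length) for the first OpenPGP packet.

    Handles old-format (RFC 2440 4.2.1) and new-format (4.2.2) headers.
    body_length is None for indeterminate or partial-body lengths.
    """
    first = data[0]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet header (bit 7 clear)")
    if first & 0x40:  # new-format header: tag in the low six bits
        tag = first & 0x3F
        b1 = data[1]
        if b1 < 192:
            return tag, b1, 2
        if b1 < 224:
            return tag, ((b1 - 192) << 8) + data[2] + 192, 3
        if b1 == 255:
            return tag, int.from_bytes(data[2:6], "big"), 6
        return tag, None, 2  # partial body length follows
    tag = (first >> 2) & 0x0F  # old-format header: tag in bits 5..2
    length_type = first & 0x03
    if length_type == 3:
        return tag, None, 1  # indeterminate length
    n = (1, 2, 4)[length_type]
    return tag, int.from_bytes(data[1:1 + n], "big"), 1 + n


def describe_skesk(body: bytes) -> dict:
    """Decode the fixed leading fields of a version-4 SKESK packet body."""
    return {"version": body[0], "cipher_algo": body[1], "s2k_type": body[2]}


def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 means uniformly random)."""
    counts = Counter(data)
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in counts.values())


def looks_like_plaintext(data: bytes, threshold: float = 7.0) -> bool:
    """True when the byte distribution is structured rather than noise-like.

    The threshold is a constructed choice: English text sits near 4-5
    bits/byte, ciphertext or a failed decryption near 8.
    """
    return byte_entropy(data) < threshold


def pseudo_random_bytes(n: int, seed: bytes = b"constructed seed") -> bytes:
    """Deterministic noise (SHA-256 chain) standing in for a failed decrypt."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out += block
    return bytes(out[:n])


# Constructed sample: old-format header (tag 3, one-byte length 13) and a
# v4 SKESK body: version 4, cipher 9 (AES-256), S2K type 3 (iterated and
# salted), hash 2 (SHA-1), eight salt bytes, one count byte. Not gpg output.
SAMPLE_SKESK = (bytes([0x8C, 0x0D, 0x04, 0x09, 0x03, 0x02])
                + b"\x01\x02\x03\x04\x05\x06\x07\x08" + bytes([0x60]))
SAMPLE_TEXT = b"The quick brown fox jumps over the lazy dog. " * 50
SAMPLE_NOISE = pseudo_random_bytes(4096)

if __name__ == "__main__":
    tag, length, hdr = parse_packet_header(SAMPLE_SKESK)
    print(f"tag {tag} ({TAG_NAMES.get(tag, 'unknown')}), body {length} bytes")
    print(describe_skesk(SAMPLE_SKESK[hdr:hdr + length]))
    for name, blob in (("text", SAMPLE_TEXT), ("noise", SAMPLE_NOISE)):
        print(f"{name}: {byte_entropy(blob):.2f} bits/byte, "
              f"plaintext-like={looks_like_plaintext(blob)}")
```

The first check is the format point: the very first byte of a gpg symmetric file names the packet type, so "anonymous" output would require leaving the OpenPGP format. The second is the statistics point from the Schneier link: no stripping of headers changes the fact that a correct decryption produces low-entropy, structured bytes and an incorrect one does not.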