dshaw at jabberwocky.com
Fri Sep 28 23:12:23 CEST 2007
On Fri, Sep 28, 2007 at 10:29:31AM -0400, Mark E. Wunderlich wrote:
> I would like gpg to be able, when using symmetric ciphers, to produce
> `anonymous' output -- that is, output such that one cannot be sure that
> gpg produced it, or that a given passphrase does not successfully decode
> it. (That is, if you enter the wrong passphrase, you get garbage
> instead of an error message.)
> I would like to be able to do this so that, for example, I could run gpg
> repeatedly, and someone who was decoding the data would not know whether
> he was on the right track. I also might want to combine gpg with
> another approach, e.g., XOR-ing the target file against another file.
> Again, the idea would be that `anonymizing' gpg's output would make it
> more difficult for someone to untangle such combined approaches; the
> general idea is that the ability to produce `anonymous' output would
> make gpg a more flexible part of a larger toolkit.
This is a bad, or at least unnecessary feature. If GPG is strong,
there is no benefit in playing games with the file format to make it
look like something else. If GPG is not strong, you shouldn't be
using it in the first place.
More information about the Gnupg-users