Plaintext attack vulnerabilities?

Brian Mearns bmearns at
Tue Jun 16 12:44:51 CEST 2009

Are there any known vulnerabilities associated with an attacker who
can provide plaintext and receive a signature for it? I'm planning a
simple computer-auth system where a client sends a random token to the
server, and then the server signs and returns it to prove that the
server has the private key. I'm wondering if a malicious client could
provide a certain plain text such it could learn something about the
private key based on the returned signature.

Similar attacks have happened on the APOP authentication scheme which
uses md5: a fake server presents a token to the client which gets
hashed with the client's password and sent back: by using certain
tokens, the server is able to drastically narrow down the range of a
brute force attack on the password, and after several such attacks,
people have actually been able to recover the first few characters of
the password. So now I'm wondering if any similar vulnerability is
known for OpenPGP signatures.


Feel free to contact me using PGP Encryption:
Key Id: 0x3AA70848
Available from:

More information about the Gnupg-users mailing list