very short plaintexts symmetrically encrypted

vedaal at vedaal at
Sun Jan 10 10:44:35 CET 2010

On Fri, 08 Jan 2010 15:03:53 -0500 Benjamin Donnachie <benjamin at py-> wrote:

>2010/1/8  <vedaal at>:
>> At any rate, it seems disturbingly easy to distinguish between
>> symmetrically encrypted messages having only the word 'yes' or 
>> just by 'looking' at the ciphertext.
>i. Don't send such short messages
>ii. Don't use symmetric encryption.

i have no problem with this,

there is a trivial workaround to make everybody happy:

simply pad the plaintext manually to a total of eight characters
(am assuming that the words 'yes' or 'no' are less than 8 
characters in all languages using open-pgp ;-) )
i.e.  'no******' or  'yes*****'
and then symmetrically encrypt.

symmetrical encryption is a simple way to avoid signing, while 
still maintaining relative reliability of knowledge as to who sent 
the message

(for a good passphrase, usually, only the person who knows the 
passphrase encrypted and sent it,)

the issue is, 
that if people 'trust' open-pgp
(and i do , and 'love' it, and am not trying to find fault with it)
to symmetrically encrypt messages,

then there should be some sort of alert or advisory that the 
plaintext should be a minimum length
(whatever that minimum length or alert/advisory should be,
i leave it up to the developers or the ietf open-pgp wg ;-) )


More information about the Gnupg-users mailing list