very short plaintexts symmetrically encrypted
vedaal at hush.com
vedaal at hush.com
Sun Jan 10 10:44:35 CET 2010
On Fri, 08 Jan 2010 15:03:53 -0500 Benjamin Donnachie <benjamin at py-
soft.co.uk> wrote:
>2010/1/8 <vedaal at hush.com>:
>> At any rate, it seems disturbingly easy to distinguish between
>> symmetrically encrypted messages having only the word 'yes' or
>'no'
>> just by 'looking' at the ciphertext.
>
>i. Don't send such short messages
>ii. Don't use symmetric encryption.
i have no problem with this,
there is a trivial workaround to make everybody happy:
simply pad the plaintext manually to a total of eight characters
(am assuming that the words 'yes' or 'no' are less than 8
characters in all languages using open-pgp ;-) )
i.e. 'no******' or 'yes*****'
and then symmetrically encrypt.
symmetrical encryption is a simple way to avoid signing, while
still maintaining relative reliability of knowledge as to who sent
the message
(for a good passphrase, usually, only the person who knows the
passphrase encrypted and sent it,)
the issue is,
that if people 'trust' open-pgp
(and i do , and 'love' it, and am not trying to find fault with it)
to symmetrically encrypt messages,
then there should be some sort of alert or advisory that the
plaintext should be a minimum length
(whatever that minimum length or alert/advisory should be,
i leave it up to the developers or the ietf open-pgp wg ;-) )
vedaal
More information about the Gnupg-users
mailing list