very short plaintexts symmetrically encrypted

Werner Koch wk at gnupg.org
Sun Jan 10 14:02:15 CET 2010


On Sun, 10 Jan 2010 04:44:35 -0500, vedaal at hush.com wrote:

> symmetrical encryption is a simple way to avoid signing, while 
> still maintaining relative reliability of knowledge as to who sent 
> the message

That is not true.  For example you can't detect a replay or MitM
attack.

Further even regular signing does not help you if the there is only a
limited set of different message contents (i.e. only Yes or No
messages).

GnuPG is a tool and not a complete solution to all (crypto) use
cases.


Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list