Jerome Baum jerome at
Tue Mar 22 20:17:35 CET 2011

David Shaw <dshaw at> writes:

> Hmm.  I'm not sure you and I are on the same page with this attack.  I
> don't think that Alice's rigged message to Baker necessarily needs to
> be forged to come from the original sender.  Alice can send the
> message to Baker as herself, with no special signing or other trickery
> to fool Baker about the origin of the message.  She can even sign it
> (as herself) if she wants.  The contents of the message just need to
> be something Baker would naturally reply to.

Yeah I got a bit carried off there. So any way to counter that, besides
keeping a list of (hash(cryptd-text), hash(session-key | random-parts))
to warn you if one is reused? Obviously that is a pretty dumb way, so is
there any way at all to counter a session-key-reuse attack?

PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
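
The reuse list described in the message above, sketched as an added example that is not part of the original post or of GnuPG. It assumes the caller already has the ciphertext, session key and "random parts" as byte strings, and it swaps the plain hashes for HMAC-SHA256 tags under a local ledger key; `ReuseLedger`, `check` and `demo` are hypothetical names.

```python
import hashlib
import hmac
import secrets


class ReuseLedger:
    """Remembers which ciphertexts were seen under each session key."""

    def __init__(self, ledger_key=None):
        # Tags are keyed with a local secret (an assumption of this sketch), so a
        # copied ledger cannot be used to confirm guesses about session keys.
        self._ledger_key = ledger_key or secrets.token_bytes(32)
        self._seen = {}  # session-key tag -> set of ciphertext tags

    def _tag(self, label, *parts):
        mac = hmac.new(self._ledger_key, label, hashlib.sha256)
        for part in parts:
            # Length-prefix each part so (b"ab", b"c") differs from (b"a", b"bc").
            mac.update(len(part).to_bytes(8, "big"))
            mac.update(part)
        return mac.digest()

    def check(self, ciphertext, session_key, random_parts):
        """Return 'new', 'same-message' or 'session-key-reuse', then record the pair."""
        key_tag = self._tag(b"key", session_key, random_parts)
        text_tag = self._tag(b"text", ciphertext)
        known = self._seen.setdefault(key_tag, set())
        if not known:
            verdict = "new"
        elif text_tag in known:
            verdict = "same-message"       # re-reading a message is not an alarm
        else:
            verdict = "session-key-reuse"  # same key material, different ciphertext
        known.add(text_tag)
        return verdict


def demo():
    # Constructed sample values, not real OpenPGP packets.
    ledger = ReuseLedger()
    key, prefix = bytes(range(16)), b"\x01" * 8
    return [
        ledger.check(b"original ciphertext", key, prefix),
        ledger.check(b"original ciphertext", key, prefix),
        ledger.check(b"rigged ciphertext", key, prefix),
        ledger.check(b"unrelated ciphertext", secrets.token_bytes(16), prefix),
    ]
```

The check only warns after the fact and only on the machine that holds the ledger, which is the limitation the message itself points at.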