[prev in list] [next in list] [prev in thread] [next in thread] 

List:       gnupg-users
Subject:    RE: Infere key frm plaintext and exncrypted version?
From:       "Gates, Scott" <SGates () olbh ! com>
Date:       2003-08-29 16:44:23
[Download RAW message or body]

GPG & PGP are resistant to a 'plaintext' attack because the TEXT is
encrypted with a randomized session key, unique to that message. So, if the
session key is compromised, it'll never be used again anyway. This makes it
*similar* to the only mathematically proven encryption scheme, the "one-time
pad". Also, if the attacker has both plaintext and encrypted text at this
time, discovering the session key is kind of a useless mathematical
excersize--and you have OTHER problems with security, anyway.  

The SESSION key is encrypted with the recipient's public key  To find his
secret key from that, the attacker would have to be able to factor the
product of two REALLY large primes. Unless new factoring algorithms are
devised, it would be faster and more cost efficient to go find the sender or
intended recipient and beat the info out of him. (This is a possibility
covered in Phil Zimmermann's book about PGP.  As I recall, he claimed PGP
couldn't protect the information from being beaten out of the sender or
receiver. I suppose EVERY algorithm has its shortcomings.)


-----Original Message-----
From: Ruediger Kupper [mailto:Ruediger.Kupper@honda-ri.de] 
Sent: Friday, August 29, 2003 9:59 AM
To: gnupg-users@gnupg.org
Subject: Infere key frm plaintext and exncrypted version?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

you probably heard this question before on this list, but please allow me to
ask again:

If someone manages to get his hands on the plain as well as
the encrypted version of the same text, does this enable him
to infere the encryption key?
And if so, does this refer to the session key only, or will
it compromise the whole PGP key?

Thanks for your expertise,
Best regards,
Rüdiger Kupper

- --
Rüdiger Kupper
Honda Research Institute Europe GmbH
Carl-Legien-Straße 30
D-63073 Offenbach/Main, Germany

Phone : +049 (0)69-890 11-725
Fax   : +049 (0)69-890 11-749
E-Mail: Ruediger.Kupper@Honda-RI.de
PGP ID: C2303358

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE/T1wUArljR8IwM1gRAimpAKDXajTK6HYxbag24z5b22Ff50TFigCgzmib
Pvfg0+lsmwL94v2uQs/9+4w=
=w8PU
-----END PGP SIGNATURE-----


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic