RE: PGP scripting...

From: Beatie, Breck (ISSMountain View) (BBeatieat_private)
Date: Tue Jan 21 2003 - 09:13:08 PST

Next message: Jason Coombs: "RE: PGP scripting..."

Previous message: lsi: "PGP scripting (reprise)"
Maybe in reply to: Andrew MacKenzie: "PGP scripting..."
Next in thread: Glynn Clements: "RE: PGP scripting..."
Next in thread: Beatie, Breck (ISSMountain View): "RE: PGP scripting..."
Next in thread: Mark Reardon: "Re: RE: PGP scripting..."
Maybe reply: Mark Reardon: "Re: RE: PGP scripting..."
Reply: Glynn Clements: "RE: PGP scripting..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm not sure I understand the point of this message.  It seems that
you are saying that you can figure out the cleartext message by taking
the n possible cleartext messages and encrypting with the known public
key until you find the cipher text.  That much makes sense, but since
we were talking about encryption of bulk data it seems that the number
of possible messages would be VERY large and such an approach would
not be workable.

It seems that your comment would even argue AGAINST the "two stage"
system that you're talking about.  The total number of possible symmetric
keys would be much less than the total number of possible messages.

But then I'm a bit of a crypto ignoramus.  If you (or someone) would
elaborate a bit I would be grateful.

Breck

-----Original Message-----
From: Andre Mariën [mailto:andre.marienat_private]
Sent: Thursday, January 09, 2003 1:48 AM
Cc: secprogat_private
Subject: Re: PGP scripting...

Tom Arseneault wrote:

> As for the usage of the key in encryption and decryption, public key
> encryption is very compute intensive so while you could do bulk encryption
> with it whould be very slow.. The usual way things are done is that a
> symmetrical encryption will be used to encrypt a document (DES, 3DES,
> BLOWFISH, etc..., very fast) with a randomly generated key and that key is
> then encrypted with the public key of the person you sending the document
> to. Since only he, through the use of his private key, can decrypt the
> symmetrical key only he can decrypt the document.

Please do not use public key encryption for bulk data, even if
you accept the long times. It is a bad idea. If there are n
possible messgaes, it only takes at most n trials to decrypt
the message, no matter your key size (if the encrypting key is known;
typically it is the public key and it is known).
This problem is justification in itself to have a two stage system
for encryption of bulk data.
(there is someone at counterpane that can explain it in more detail ;-)

Next message: Jason Coombs: "RE: PGP scripting..."
Previous message: lsi: "PGP scripting (reprise)"
Maybe in reply to: Andrew MacKenzie: "PGP scripting..."
Next in thread: Glynn Clements: "RE: PGP scripting..."
Next in thread: Beatie, Breck (ISSMountain View): "RE: PGP scripting..."
Next in thread: Mark Reardon: "Re: RE: PGP scripting..."
Maybe reply: Mark Reardon: "Re: RE: PGP scripting..."
Reply: Glynn Clements: "RE: PGP scripting..."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Jan 22 2003 - 11:25:05 PST