Eli Schwartz wrote: > On 8/22/25 7:13 PM, Dale wrote: > >> That's not what I'm saying. Let's say you have a file that is plain, >> not encrypted. Then you have the same file that is encrypted. One can >> use the info from the not encrypted file to hack the encrypted one. The >> keys have nothing to do with it. At least that is my understanding of >> it. Like I said, if you are 100% sure, don't worry about it. Just send >> some encrypted and some not. If no one can hack it, no problem. If >> you're wrong tho and you are sharing info someone wants, well, you get >> to keep the pieces. > > This is a kind of odd paranoia, and in general it is advised that people > who aren't cryptographers should refrain from making binding statements > about how cryptography does or doesn't work. Better to say nothing -- or > at least only say *questions* such as "is it possible?" -- rather than > say something incorrect that causes a public panic. > > In this case you may be thinking of the general principle: > https://en.wikipedia.org/wiki/Chosen-plaintext_attack > > But please do NOT go around assuming any given cryptographic scheme *is* > vulnerable to all types of attacks. The reason why people use > cryptography at all, is because good types exist that are safe to use. > And please remember that the "s" in https is cryptography. The majority > of any message in visiting your online banking, is known to attackers. > Plainly, https is not vulnerable to such attacks -- do not presume to > assume PGP based email is, without ***proof***. > > It is a simple and straightforward matter that sending a message to > someone and hacking them by having them respond to it, is a *ludicrous* > flaw in email, which is *all* about unknown people sending messages to > you. Such downsides are perhaps considered acceptable for symmetric > encryption where you don't expect anyone to be able to influence your > messages unless they also have the secret key -- but better to use > decent cryptography to begin with. > >
As I said, it was what I understood from what I was being told. I can't recall if I read it on a website or if someone told me that when I was working on my email encryption. I just recall it kinda made sense. If you have a plain text message and a encrypted message with the same info, it seems like that is a good starting point to figure out how the encryption is done. Either way, exercising a little extra caution can't hurt. Why give someone even a possible, if very unlikely, door? Dale :-) :-)
