El 24/8/25 a las 11:01, Dale escribió:
Eli Schwartz wrote:On 8/22/25 7:13 PM, Dale wrote:That's not what I'm saying. Let's say you have a file that is plain, not encrypted. Then you have the same file that is encrypted. One can use the info from the not encrypted file to hack the encrypted one. The keys have nothing to do with it. At least that is my understanding of it. Like I said, if you are 100% sure, don't worry about it. Just send some encrypted and some not. If no one can hack it, no problem. If you're wrong tho and you are sharing info someone wants, well, you get to keep the pieces.This is a kind of odd paranoia, and in general it is advised that people who aren't cryptographers should refrain from making binding statements about how cryptography does or doesn't work. Better to say nothing -- or at least only say *questions* such as "is it possible?" -- rather than say something incorrect that causes a public panic. In this case you may be thinking of the general principle: https://en.wikipedia.org/wiki/Chosen-plaintext_attack But please do NOT go around assuming any given cryptographic scheme *is* vulnerable to all types of attacks. The reason why people use cryptography at all, is because good types exist that are safe to use. And please remember that the "s" in https is cryptography. The majority of any message in visiting your online banking, is known to attackers. Plainly, https is not vulnerable to such attacks -- do not presume to assume PGP based email is, without ***proof***. It is a simple and straightforward matter that sending a message to someone and hacking them by having them respond to it, is a *ludicrous* flaw in email, which is *all* about unknown people sending messages to you. Such downsides are perhaps considered acceptable for symmetric encryption where you don't expect anyone to be able to influence your messages unless they also have the secret key -- but better to use decent cryptography to begin with.As I said, it was what I understood from what I was being told. I can't recall if I read it on a website or if someone told me that when I was working on my email encryption. I just recall it kinda made sense. If you have a plain text message and a encrypted message with the same info, it seems like that is a good starting point to figure out how the encryption is done. Either way, exercising a little extra caution can't hurt. Why give someone even a possible, if very unlikely, door? Dale :-) :-)
Dale, Do you read others answers sent to you?Is so ridiculous that with your theory ANYONE could obtain any private key just with a public key because you can write text plain, encrypt it with and compare both. Please stop doing that kind of affirmations.
Your theory is only valid for a few old (really old) encryptions algorythms and usually symmetric.
Caution mixing encrypted and not encrypted data??I will crack Dale secret key, so I have only just to download his public key from a key server, write one plain text file with a "hello world" string exec "gpg -e helloworld" getting encrypted with his public key and voilá, gpg secret key decrypted as I have encrypted and decrypted content. That's FUD, simple FUD. You will never find that got happened because it's wrong.
Old algorythms also were vulnerable to many cryptoanalysis attacks, as Caesar algorithm, RC4 used in WEP etc, do you think gpg shares the same working mode as the algorythm used in the old Rome by Julius Caesar??? Old symetrical algorithms could be attacked for example using statistics, as the "A" letter is the one most used. I have one encrypted stream "dsrfgsfgr fgfds". I have 4 letters f, the most, so f is A. Encryption schemes evolution together with the attacks that receive, appearing new encryptions algorithm that resists this kind of attack as result. From now RSA is only vulnerable to supercomputers bruteforcing the key and just if the key is small enough (I think 512 bits RSA key were cracked)
On 8/22/25 2:09 PM, Javier Martinez wrote:You can check key servers for him, and check if someone known has signed his key. But, what the hell, how could I trust in someone that has the "evil" word in one of his email address???? To Eli Schwartz: My secoff uid is 666 (the number of the bofh), so don't get in rage... I'm probably worser than you....That is my newer ed25519 key. I have worse words in my older rsa4096 key, see the second email address at https://keyserver.ubuntu.com/pks/lookup?search=0xBD27B07A5EF45C2ADAF70E0484818A6819AF4A9B&fingerprint=on&op=index 🙂 -- Eli Schwartz
That only makes you a bit more trusted to me. I'm still thinking that hidden somewhere around in your home you have a windows 95 CDROM...CDROM you got because you like to use serial numbers as passphrase encryptions while you are doing a cruel and loudy laughter as nobody could know it....
But, sorry by tell you this, you are wrong, probably no one in this mail list would have your key since dont have windows 95 cdroms, but take for sure that the 50% of ubuntu users will have the same CDROM as you since it got "backuped" in redmond , before getting sold to you, and "accidentaly" given to a worker friend, which "accidentally" copy it to other friend, and so... and most of this persons, got finished in ubuntu with gnome...., so, half of ubuntu users have your secret key.... :/
OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
