El 24/8/25 a las 13:07, Michael escribió:
On Sunday, 24 August 2025 11:07:03 British Summer Time Javier Martinez wrote:El 24/8/25 a las 11:01, Dale escribió:Eli Schwartz wrote:On 8/22/25 7:13 PM, Dale wrote:That's not what I'm saying. Let's say you have a file that is plain, not encrypted. Then you have the same file that is encrypted. One can use the info from the not encrypted file to hack the encrypted one. The keys have nothing to do with it. At least that is my understanding of it. Like I said, if you are 100% sure, don't worry about it. Just send some encrypted and some not. If no one can hack it, no problem. If you're wrong tho and you are sharing info someone wants, well, you get to keep the pieces.This is a kind of odd paranoia, and in general it is advised that people who aren't cryptographers should refrain from making binding statements about how cryptography does or doesn't work. Better to say nothing -- or at least only say *questions* such as "is it possible?" -- rather than say something incorrect that causes a public panic. In this case you may be thinking of the general principle: https://en.wikipedia.org/wiki/Chosen-plaintext_attack But please do NOT go around assuming any given cryptographic scheme *is* vulnerable to all types of attacks. The reason why people use cryptography at all, is because good types exist that are safe to use. And please remember that the "s" in https is cryptography. The majority of any message in visiting your online banking, is known to attackers. Plainly, https is not vulnerable to such attacks -- do not presume to assume PGP based email is, without ***proof***. It is a simple and straightforward matter that sending a message to someone and hacking them by having them respond to it, is a *ludicrous* flaw in email, which is *all* about unknown people sending messages to you. Such downsides are perhaps considered acceptable for symmetric encryption where you don't expect anyone to be able to influence your messages unless they also have the secret key -- but better to use decent cryptography to begin with.As I said, it was what I understood from what I was being told. I can't recall if I read it on a website or if someone told me that when I was working on my email encryption. I just recall it kinda made sense. If you have a plain text message and a encrypted message with the same info, it seems like that is a good starting point to figure out how the encryption is done. Either way, exercising a little extra caution can't hurt. Why give someone even a possible, if very unlikely, door? Dale :-) :-)Dale, Do you read others answers sent to you? Is so ridiculous that with your theory ANYONE could obtain any private key just with a public key because you can write text plain, encrypt it with and compare both. Please stop doing that kind of affirmations.All encryption methods and ciphers are secure, until ... they no longer are.Your theory is only valid for a few old (really old) encryptions algorythms and usually symmetric.Sure, this stands today, but tomorrow new mathematical solutions could be discovered, better computational technologies developed, larger data storage, etc. No doubt resistant algos and ciphers would be devised in turn to counteract it thereafter, but what's broken is broken. If I were a dissident under totalitarian rule and my family's life depended on it, I would consciously choose to be needlessly paranoid rather than take a chance. Living in a free society and for communicating casually with friends, I'd trust the math. YMMV.
Paranoid can be sane or insane. You can have one tree falling near your door house and take precautions against it, which you shouldn't is to think that an airplane will fall on you when you pass the entry. Is not sane to think that one new algorithm is vulnerable to a decades old age vulnerability that targets a different algorithm scheme, even when that new algo appeared targetting this one and a lot of different weakness.
When a vulnerability in RSA get appeared, be sure that someone will shout loud enough advicing us, making us change all digital certificates in use, identity documents between ohers, since asymmetric encryption is everywhere including RSA
Sure, this stands today, but tomorrow new mathematical solutions could be discovered, better computational technologies developed, larger data storage, etc. No doubt resistant algos and ciphers would be devised in turn to counteract it thereafter, but what's broken is broken.
This is what I said before. new algorithms solves new vulnerabilities of previous ones. Pointing that the new algo is vulnerable to old vulnerabilities already targeted is simply FUD. That quantum computing could make more feasible bruteforcing RSA??? don't doubt about it, by this reason my keys are 4096 bits at least (and not 2048), maybe in the future we should use even longer.
OpenPGP_0x57E64E0B7FC3BEDF.asc
Description: OpenPGP public key
OpenPGP_signature.asc
Description: OpenPGP digital signature
