On Fri, 2 Mar 2012, Post Carter wrote:

 . . . so I think we just have a terminology discrepancy
here.  What is a bit confusing is using the words encrypted
vs. decrypted and ciphertext vs. cleartext when we're talking
about an attacker inserting contents into the message.

I have been reading the exchanges wondering if someone would
point out what looked like an unclear reference to "encrypted"
and "plaintext". (Amusing, actually. Almost like a famous,
classic, American comedy joke involving baseball players'
names.)  [P]ost.carter's "CCCCC" etc. below makes things
clear, IMHO.

And prompts me to ask a question.  If the receiver
of the tampered-with message sends to the presumed
original sender the "CC" which began originally as
inserted "PP", but sends it encrypted, e.g. with the
original sender's public key, that should not expose
the now-"CC" to the eavesdropping attacker, right?  I.e.,
the attack would fail if the honest people involved
diligently follow the implicit lead of the original
sender's email, which used encryption, so the reply
to that original encrypted message gets encrypted?

What I was trying to say was like this...

1) Let's say the original sender encrypts a message.  It then looks like
this where "C" represents some bits of encrypted ciphertext:
  CCCCC

2) Then, the attacker inserts some material of their own into the message,
denoted here with "P" for plaintext since it has not been subjected to
encryption.  The message now looks like this:
  CCCPPCC

3) Next, the recipient "decrypts" the message.  Since at its lowest level
the encryption amounts to XOR'ing the message text against the secret
key, it essentially results in the flipping of each class of text. "C"
becomes "P" and "P" becomes "C":
  PPPCCPP

4) In the attack scenario, when the recipient sends the "gibberish" to
the sender, they are sending the now "encrypted" part of the message
above denoted by "CC":  PPP -->CC<-- PP

5) The attacker intercepts and XOR's the gibberish "CC" against their
original insertion "PP" from #2 to deduce the key.  Then they can decrypt
the original "CCCCC" contents from #1.
 . . .
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
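
The five steps quoted above and the encrypted-reply question, as an added example that is not part of either poster's message: it uses the thread's simplified model (encryption as XOR against a secret keystream), and every key, message and function name is constructed for illustration. In this model only the keystream bytes under the inserted span leak, and none leak when the reply is itself encrypted.

```python
# Toy model from the thread: "encryption" is XOR with a secret keystream.
# All keys and messages below are constructed sample values (assumptions).

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

KEYSTREAM = bytes.fromhex("a1b2c3d4e5f60718")  # shared by sender and recipient
REPLY_KEY = bytes.fromhex("5566")  # stands in for encrypting the reply to the sender

def tamper(ciphertext: bytes, inserted: bytes, at: int) -> bytes:
    """Step 2: known bytes are spliced into the ciphertext (CCCPPCC)."""
    return ciphertext[:at] + inserted + ciphertext[at:]

def recipient_decrypt(message: bytes) -> bytes:
    """Step 3: the recipient XORs the whole message against the keystream."""
    return xor(message, KEYSTREAM)

def gibberish(decrypted: bytes, at: int, n: int) -> bytes:
    """Step 4: the span that decrypts to garbage ("CC")."""
    return decrypted[at:at + n]

def attacker_recovers(observed: bytes, inserted: bytes) -> bytes:
    """Step 5: XOR what crossed the wire against the known insertion."""
    return xor(observed, inserted)

def run(reply_encrypted: bool):
    original = xor(b"HELLO", KEYSTREAM)          # step 1: CCCCC
    inserted, at = b"PP", 3
    tampered = tamper(original, inserted, at)
    garbage = gibberish(recipient_decrypt(tampered), at, len(inserted))
    # The eavesdropper sees the garbage in the clear, or only its encryption.
    wire = xor(garbage, REPLY_KEY) if reply_encrypted else garbage
    guess = attacker_recovers(wire, inserted)
    leaked = guess == KEYSTREAM[at:at + len(inserted)]
    # What the guess yields when applied to the same offsets of the original.
    peek = xor(original[at:at + len(inserted)], guess)
    return leaked, peek

if __name__ == "__main__":
    print("cleartext reply:", run(False))
    print("encrypted reply:", run(True))
```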
