On Tue, 21 Aug 2012 11:59:20 -0400 Jens Lechtenboerger <clou...@informationelle-selbstbestimmung-im-internet.de> wrote:
>Also, "different" would need to be random and of sufficient
>length...

=====

It is.

See RFC4880, (it's one of the 'MUST' implementations for all open-pgp's)

http://tools.ietf.org/html/rfc4880

(specific sections will be quoted below)

=====

>I'm not concerned whether the average user can do this right now
>or not. I'm concerned about experts (that could also provide attack
>tools to average users).

=====

Even the experts should not be able to.
See the quoted sections below.

=====[ begin quoted sections ]=====

5.1. Public-Key Encrypted Session Key Packets (Tag 1)

...

   Note that when an implementation forms several PKESKs with one
   session key, forming a message that can be decrypted by several keys,
   the implementation MUST make a new PKCS#1 encoding for each key.

...

7.2 RSAES-PKCS1-v1_5

   * It is recommended that the pseudorandom octets in step 2 in
     Section 7.2.1 be generated independently for each encryption
     process, especially if the same data is input to more than one
     encryption process. Haastad's results [24] are one motivation
     for this recommendation.

   * The padding string PS in step 2 in Section 7.2.1 is at least
     eight octets long, which is a security condition for public-key
     operations that makes it difficult for an attacker to recover
     data by trying all possible encryption blocks.

...

13.1.1. EME-PKCS1-v1_5-ENCODE

   Input:

   k  = the length in octets of the key modulus

   M  = message to be encoded, an octet string of length mLen, where
        mLen <= k - 11

   Output:

   EM = encoded message, an octet string of length k

   Error: "message too long"

   1. Length checking: If mLen > k - 11, output "message too long"
      and stop.

   2. Generate an octet string PS of length k - mLen - 3 consisting
      of pseudo-randomly generated nonzero octets. The length of PS
      will be at least eight octets.

   3. Concatenate PS, the message M, and other padding to form an
      encoded message EM of length k octets as

      EM = 0x00 || 0x02 || PS || 0x00 || M.

   4. Output EM.

=====[ end quoted sections ]=====


vedaal

n.b.
If you are interested in looking into this rigorously further, I
recommend you contact Professor Dan Boneh.

http://crypto.stanford.edu/~dabo/

(He is an authority on RSA, teaches a free online Cryptography course
at Stanford University, and has a clear style and is reasonably
accessible.)

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
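
Added example, not part of the message above and not GnuPG code: the EME-PKCS1-v1_5-ENCODE steps quoted in the message, applied once per recipient so that the same session key produces a different encoded block for each PKESK. The function names are hypothetical, the session key is a constructed sample, and the payload layout (algorithm octet, key, two-octet checksum) is taken from RFC 4880 section 5.1 rather than from the quoted text.

```python
import secrets

MIN_PS_LEN = 8  # shortest PS the length check "mLen <= k - 11" can produce


def eme_pkcs1_v15_encode(m: bytes, k: int) -> bytes:
    """Return EM = 0x00 || 0x02 || PS || 0x00 || M for a k-octet modulus."""
    if len(m) > k - 11:
        raise ValueError("message too long")
    # PS: k - mLen - 3 random octets, each drawn from 1..255 (never zero)
    ps = bytes(secrets.randbelow(255) + 1 for _ in range(k - len(m) - 3))
    return b"\x00\x02" + ps + b"\x00" + m


def eme_pkcs1_v15_decode(em: bytes, k: int) -> bytes:
    """Strip the padding. Illustration only: this check is not constant-time."""
    if len(em) != k or em[:2] != b"\x00\x02":
        raise ValueError("decryption error")
    sep = em.find(b"\x00", 2)  # first zero octet after the header ends PS
    if sep == -1 or sep - 2 < MIN_PS_LEN:
        raise ValueError("decryption error")
    return em[sep + 1:]


def pkesk_payload(sym_algo: int, session_key: bytes) -> bytes:
    """Algorithm octet || session key || checksum (sum of key octets mod 65536)."""
    checksum = sum(session_key) % 65536
    return bytes([sym_algo]) + session_key + checksum.to_bytes(2, "big")


def encode_for_recipients(m: bytes, modulus_lengths: list[int]) -> list[bytes]:
    """One fresh encoding per recipient key; an encoded block is never reused."""
    return [eme_pkcs1_v15_encode(m, k) for k in modulus_lengths]


def demo():
    session_key = bytes(range(16))     # constructed sample, not a real key
    m = pkesk_payload(7, session_key)  # 7 = AES-128 in RFC 4880
    return m, encode_for_recipients(m, [256, 256, 256])  # three 2048-bit keys


if __name__ == "__main__":
    m, blocks = demo()
    for em in blocks:
        print(em.hex()[:48], "...", em.hex()[-2 * len(m):])
```

Each printed block starts with 0002 and ends with the same payload, but the padding in between differs, so the three RSA inputs are unrelated even though the session key is identical.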