David Shaw <ds...@jabberwocky.com> writes:

> Hmm. I'm not sure you and I are on the same page with this attack. I
> don't think that Alice's rigged message to Baker necessarily needs to
> be forged to come from the original sender. Alice can send the
> message to Baker as herself, with no special signing or other trickery
> to fool Baker about the origin of the message. She can even sign it
> (as herself) if she wants. The contents of the message just need to
> be something Baker would naturally reply to.

Yeah I got a bit carried off there. So any way to counter that, besides keeping a list of (hash(cryptd-text), hash(session-key | random-parts)) to warn you if one is reused? Obviously that is a pretty dumb way, so is there any way at all to counter a session-key-reuse attack?

-- 
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users