Re: Big curiosity
On Sun, 2021-06-13 at 14:06 +, knighttemplar5--- via Gnupg-users wrote: > I have been contemplating subscribing to an email forwarding service that > will encrypt all the forwarded mails to me with my public key. > Lets imagine the country where the forwarding takes place can see all my > emails in plain text and at the same time the same emails PGP encrypted, can > enough of this data pose a threat to my private key?I mean in theory at list? > I just love learning about this stuff but I m not good enough in math to have > an informed opinion. > Let me answer from a little different perspective. Anyone can generate some piece of text and encrypt it using your public key. There is nothing special about encrypting your mails vs encrypting arbitrary data. So if that were a problem, access to your mails would be entirely irrelevant to it. -- Best regards, Michał Górny ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Big curiosity
Hello, a bit of elaborating on this one. Am Sun, 13 Jun 2021 18:58:54 +0200 schrieb Johan Wevers : > On 13-06-2021 16:06, knighttemplar5--- via Gnupg-users wrote: > >> I have been contemplating subscribing to an email forwarding service >> that will encrypt all the forwarded mails to me with my public key. >> Lets imagine the country where the forwarding takes place can see all my >> emails in plain text and at the same time the same emails PGP encrypted, >> can enough of this data pose a threat to my private key? > > What you describe is in cryptography known as a known-plaintext attack. > Correct. > It can happen in a less obvious way. For example I remember the old Word > Perfect 5 for DOS that had the option to encrypt its files. It did that > by XORing the entire file with your password. However, because the first > few bytes of a WP file were always the same it was trivial to deduct the > password from a file that was encrypted with this method. > Yet let us keep in mind that gpg (or any practical assymetric encryption kit out there) consists of two elements: an asymmetric encryption and a symmetric encryption. The XOR is the symmetric part, and there is a lot of discussion on the resilience of a symmetric cipher to chosen plaintext attacks when it is being reviewed. XOR is a good example here because it is so poor in this respect. Modern variants are thought to be resilient against this type of attacs - typical reviews might tell you that in order to break a 128 bit key one would need 2**90 or so texts and their encrypted equivalent. The actual number for gpg security is practically not relevant, since for gpg you'll get a different symmetric key each time you encrypt another file. This is because gpg actually only encrypts this symmetric key with the assymetric code, like RSA - typically not more than 256 bit of arbitrary nature. For the assymetric code the world is different - anybody who has access to the public key can generate as many plaintext/ciphertext pairs as he wants. Yet I am not aware of any (relevant) choosen plaintext attacs against RSA & friends - this would immediately render it useless, for any application. > > So, in short, the answer to your question is "no, it is not a threat". > Absolutely right. You should be more concerned to understand what this type of incoming mail encryption is good for - and what it can't prevent. It is not as useful as you may think; the mail provider could still read your plaintext mail, even though he may promise you to encrypt things directly after receiving. The link from your email provider to you is, these days, already encrypted, so no benefit there neither. The one benefit is that if someone hacks your mail provider he can't do anything with your mails he may find there, since they are all encrypted. So yes it is useful, but only in a specific way. Hope this helps, regards Andreas -- Lister: Everything?s really nice there. They even shampoo the rats. Groom their tails and everything! ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Re: Big curiosity
On 13-06-2021 16:06, knighttemplar5--- via Gnupg-users wrote: > I have been contemplating subscribing to an email forwarding service > that will encrypt all the forwarded mails to me with my public key. > Lets imagine the country where the forwarding takes place can see all my > emails in plain text and at the same time the same emails PGP encrypted, > can enough of this data pose a threat to my private key? What you describe is in cryptography known as a known-plaintext attack. It can happen in a less obvious way. For example I remember the old Word Perfect 5 for DOS that had the option to encrypt its files. It did that by XORing the entire file with your password. However, because the first few bytes of a WP file were always the same it was trivial to deduct the password from a file that was encrypted with this method. So XOR is vulnerable to a known-plaintext attack. However, since this is a well-known attack (it was already used against the German Enigma code in WW2), all modern encryption algorithms are tested against this and will certainly not be put in GnuPG is they are vulnerable to it. So, in short, the answer to your question is "no, it is not a threat". -- ir. J.C.A. Wevers PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
Big curiosity
Hi, I have been contemplating subscribing to an email forwarding service that will encrypt all the forwarded mails to me with my public key. Lets imagine the country where the forwarding takes place can see all my emails in plain text and at the same time the same emails PGP encrypted, can enough of this data pose a threat to my private key?I mean in theory at list? I just love learning about this stuff but I m not good enough in math to have an informed opinion. Thanks KT Sent with ProtonMail Secure Email. publickey - knighttemplar5@protonmail.com - 0x654EA1A0.asc Description: application/pgp-keys signature.asc Description: OpenPGP digital signature ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users