Re: Secret key holder identity

2007-02-23 Thread Janusz A. Urbanowicz
On Thu, Feb 22, 2007 at 09:23:00AM +0100, Werner Koch wrote:
 On Tue, 20 Feb 2007 18:02, [EMAIL PROTECTED] said:
 
  If the system was designed for the real world, the encrypted message
  would, by default, consist of a binary data set, indistinguishable from a
  random stream, until and unless decrypted using the recipient's private key.
 
 A real world system needs to know the key for decryption and not fall
 back to a time consuming mode of trial decryption with all available
 secret keys.  Some people are using dozens or even hundreds of secret
 keys; in particular if you are using several pseudonyms or key
 rotating.
 
 OpenPGP is not designed to thwart traffic analysis.  It has merely
 some provisions to help such a system

And the modern anti-terrorist research and operational practice shows that
you don't need to know actual message to do law-enforcement-level-meaningful
traffic analysis.

Alex
-- 
JID: [EMAIL PROTECTED]
PGP: 0x46399138
paying attention to details is what doctors, lawyers, programmers and watchmakers are for
 -- Czerski

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: Secret key holder identity

2007-02-22 Thread Werner Koch
On Tue, 20 Feb 2007 18:02, [EMAIL PROTECTED] said:

 If the system was designed for the real world, the encrypted message
 would, by default, consist of a binary data set, indistinguishable from a
 random stream, until and unless decrypted using the recipient's private key.

A real world system needs to know the key for decryption and not fall
back to a time consuming mode of trial decryption with all available
secret keys.  Some people are using dozens or even hundreds of secret
keys; in particular if you are using several pseudonyms or key
rotating.

OpenPGP is not designed to thwart traffic analysis.  It has merely
some provisions to help such a system



Salam-Shalom,

   Werner




Re: Secret key holder identity

2007-02-22 Thread NikNot
On 2/22/07, Werner Koch [EMAIL PROTECTED] wrote:
 On Tue, 20 Feb 2007 18:02, [EMAIL PROTECTED] said:

  If the system was designed for the real world, the encrypted message
  would, by default, consist of a binary data set, indistinguishable from a
  random stream, until and unless decrypted using the recipient's private key.

 A real world system needs to know the key for decryption and not fall
 back to a time consuming mode of trial decryption with all available
 secret keys...

 OpenPGP is not designed to thwart traffic analysis.  It has merely
 some provisions to help such a system

Thanks Werner - we agree on the OpenPGP design. I'm only trying to
point out that this is a serious limitation, more so now than at the
time PGP was born (or OpenPGP was designed).

Tempora mutantur (et nos in illis?)

NikNot



Re: Secret key holder identity (was: Local file encryption)

2007-02-21 Thread NikNot
On 2/20/07, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 pgpdump doesn't list which symmetric algo,
 only lists that an mdc was or wasn't used

The attacker performing large-scale traffic uses his own software that
is - so it must be presumed - capable of distilling all (to him)
useful information from the flow of messages. Consequently, the
question should not be what pgpdump will or will not produce, the
question should be what information is or is not contained in the
message previous to its decryption.

NikNot



Re: Secret key holder identity (was: Local file encryption)

2007-02-21 Thread Sven Radde
NikNot wrote:
 Unfortunately, the whole GPG, with WebOfTrust construct, makes the
 assumption that there is no need whatsoever to protect the identity of
 the secret key holder
You have, however, the possibility of using pseudonyms as UID. Only the
signers of your key would have to know about your true identity.
Another option against traffic analysis is to drop the Key-IDs of the
recipients of encrypted mail (-throw-key-ids IIRC?!).

cu, Sven



re: Secret key holder identity (was: Local file encryption)

2007-02-21 Thread vedaal
vedaal at hush.com vedaal at hush.com
Tue Feb 20 18:16:52 CET 2007 wrote:

 running gpg-list-packets or pgpdump on the encrypted message,
 lists the key-type (dh or rsa), key size, and symmetric algorithm
 used

sorry,
my mistake ;-((

pgpdump doesn't list which symmetric algo, 
only lists that an mdc was or wasn't used

the actual symmetric algo type used is encrypted with the session 
key to the public key


is there a way to tell though,
(without decrypting)
which symmetric algo was used?

tia,

vedaal
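
The following sketch is an added example, not code from any poster or from GnuPG: it reads the packet headers of an OpenPGP message and reports what stays visible without the secret key, which is the point the two messages from vedaal turn on. Only version 3 public-key encrypted session key packets (tag 1) and encrypted data packets (tags 9 and 18) are interpreted; the sample message is constructed, and `read_header` and `visible_metadata` are names chosen here.

```python
PK_ALGOS = {1: "RSA", 16: "Elgamal"}  # subset of RFC 4880 section 9.1

def read_header(buf, pos):
    """Return (tag, body_start, body_len) for one OpenPGP packet header."""
    ctb = buf[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet")
    if ctb & 0x40:                                  # new-format header
        tag, first = ctb & 0x3F, buf[pos + 1]
        if first < 192:
            return tag, pos + 2, first
        if first < 224:
            return tag, pos + 3, ((first - 192) << 8) + buf[pos + 2] + 192
        if first == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old-format header
    if ltype == 3:                                  # indeterminate: runs to end
        return tag, pos + 1, len(buf) - pos - 1
    size = 1 << ltype                               # 1, 2 or 4 length octets
    return tag, pos + 1 + size, int.from_bytes(buf[pos + 1:pos + 1 + size], "big")

def visible_metadata(buf):
    """List what each packet exposes before any decryption takes place."""
    out, pos = [], 0
    while pos < len(buf):
        tag, start, length = read_header(buf, pos)
        body = buf[start:start + length]
        if tag == 1:                                # public-key encrypted session key
            keyid, algo = body[1:9], body[9]
            out.append({"packet": "pkesk",
                        "keyid": None if keyid == bytes(8) else keyid.hex().upper(),
                        "pk_algo": PK_ALGOS.get(algo, f"algo {algo}"),
                        # MPI bit count tracks the recipient key size
                        "mpi_bits": int.from_bytes(body[10:12], "big")})
        elif tag in (9, 18):                        # encrypted data; 18 carries an MDC
            out.append({"packet": "encrypted_data", "mdc": tag == 18})
        else:
            out.append({"packet": f"tag {tag}"})
        pos = start + length
    return out

# Constructed sample: one RSA recipient with a zeroed key ID (as --throw-keyids
# produces), a 2048-bit MPI, then a tag-18 (MDC-protected) data packet.
PKESK_BODY = b"\x03" + bytes(8) + b"\x01" + b"\x08\x00\x80" + bytes(255)
SAMPLE = (b"\x85" + len(PKESK_BODY).to_bytes(2, "big") + PKESK_BODY
          + b"\xd2\x05\x01" + bytes(4))

if __name__ == "__main__":
    print(visible_metadata(SAMPLE))
```

With the key ID zeroed, the public-key algorithm and the MPI size are still readable, while the symmetric algorithm sits inside the encrypted session key and does not appear in the output.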




Re: Secret key holder identity (was: Local file encryption)

2007-02-21 Thread vedaal
Janusz A. Urbanowicz alex at bofh.net.pl wrote on
Tue Feb 20 15:24:40 CET 2007 :

* it is possible to hide recipient's ID completely by using --throw-keyid


well, not 'completely'

running gpg-list-packets or pgpdump on the encrypted message,
lists the key-type (dh or rsa), key size, and symmetric algorithm 
used

so, for people who prefer 8092 rsa keys and use blowfish
[ you know who you are ;-)) ]
using throw keyid won't help much ...


vedaal




Re: Secret key holder identity (was: Local file encryption)

2007-02-21 Thread NikNot
On 2/20/07, Janusz A. Urbanowicz [EMAIL PROTECTED] wrote:
 * without having recipient pubkey it is impossible to determine the recipient
 of the message (assuming the subkey ID is not widely known)
...
If the system was designed for the real world, the encrypted message
would, by default, consist of a binary data set, indistinguishable from a
random stream, until and unless decrypted using the recipient's private key.

NikNot



Re: Secret key holder identity (was: Local file encryption)

2007-02-20 Thread Janusz A. Urbanowicz
On Mon, Feb 19, 2007 at 10:54:17AM -0800, NikNot wrote:
 On 2/19/07, Adam Funk [EMAIL PROTECTED] wrote:
 Is there any reason to physically secure your *public* keyring in
 ...  (Well, I suppose you might want to hide your secret identity!)
 
 Unfortunately, the whole GPG, with WebOfTrust construct, makes the
 assumption that there is no need whatsoever to protect the identity of
 the secret key holder (and, by extension, that traffic analysis - as
 opposed to the secret content analysis - is not something to be
 concerned with).

That statement is definitely not true. 

* PGP was the first cryptosystem to hide sender's ID (when signing+encrypting), 
  compare PEM to see the difference;

* one can issue himself a key pair with pseudonym User ID the same way
  as with RL identity and use it normally;

* without having recipient pubkey it is impossible to determine the recipient
  of the message (assuming the subkey ID is not widely known)

* it is possible to hide recipient's ID completely by using --throw-keyid

Alex
-- 
JID: [EMAIL PROTECTED]
PGP: 0x46399138
paying attention to details is what doctors, lawyers, programmers and watchmakers are for
 -- Czerski



Secret key holder identity (was: Local file encryption)

2007-02-19 Thread NikNot
On 2/19/07, Adam Funk [EMAIL PROTECTED] wrote:
 Is there any reason to physically secure your *public* keyring in
 ...  (Well, I suppose you might want to hide your secret identity!)

Unfortunately, the whole GPG, with WebOfTrust construct, makes the
assumption that there is no need whatsoever to protect the identity of
the secret key holder (and, by extension, that traffic analysis - as
opposed to the secret content analysis - is not something to be
concerned with).

NikNot



Re: Secret key holder identity (was: Local file encryption)

2007-02-19 Thread Joseph Oreste Bruni




On Feb 19, 2007, at 11:54 AM, NikNot wrote:

 On 2/19/07, Adam Funk [EMAIL PROTECTED] wrote:
  Is there any reason to physically secure your *public* keyring in
  ...  (Well, I suppose you might want to hide your secret identity!)

 Unfortunately, the whole GPG, with WebOfTrust construct, makes the
 assumption that there is no need whatsoever to protect the identity of
 the secret key holder (and, by extension, that traffic analysis - as
 opposed to the secret content analysis - is not something to be
 concerned with).

 NikNot


It's funny you mention this: I got into an argument with a
consultant about how X.509 certificates are a privacy violation
because your identity is encoded into the subject field. I kept
asking him, How would you know whose cert. it is without it? At any
rate, there are a lot of bozos in the world posing as security
experts who shouldn't be taken seriously.


Joe





Re: Secret key holder identity (was: Local file encryption)

2007-02-19 Thread NikNot
On 2/19/07, Joseph Oreste Bruni [EMAIL PROTECTED] wrote:

 It's funny you mention this: I got into an argument with a
 consultant about how X.509 certificates are a privacy violation
 because your identity is encoded into the subject field. I kept
 asking him, How would you know whose cert. it is without it? At any
 rate, there are a lot of bozos in the world posing as security
 experts who shouldn't be taken seriously.

(It's not clear (to me) from the above what was the bozo saying: that
the certificates _are_ or _are not_ a privacy violation?)

I find it very interesting that Phil Zimmermann, who invented WOT,
apparently realizes that times are changing, and that WOT has
outlived its usefulness; specifically because - unlike perhaps at
the time of birth of PGP - traffic analysis is a threat that may be
naively ignored only in geek kindergartens, but not in the real life.

NikNot
