Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-31 Thread Werner Koch
On Fri, 31 Jan 2014 08:39, micha...@gmx.de said:

> you are a legitimate sender. I don't know how gpg does it, in academic
> signature I use an hmac to protect solely symmetrically enciphered

OpenPGP defines a MDC feature to detect tampering with the encrypted
message.  It works by appending the SHA-1 digest to the plaintext and
including it in the encryption process.  On decryption the decrypted
plaintext is hashed again and the digest compared to the just decrypted
digest.  This deliberately works without a key (as in a MAC) to provide
deniability for an encrypted-only message.  The MDC feature has been in
use for about 14 years.  RFC-4880 also has the details.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.


___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users


Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-31 Thread David Tomaschik
Assuming you're talking about encryption algorithms used by GnuPG, the
answer is no, these algorithms do not have publicly known known-plaintext
attacks.  Messages encrypted with GnuPG are always symmetrically encrypted
-- when using keys, it just encrypts the random file key using RSA/DSA to
allow the recipient to decrypt the message.


On Thu, Jan 30, 2014 at 1:15 PM, Donald Morgan Jr. donaldmorga...@gmail.com wrote:

> If you know a user has a signature that they use to always end a message
> with, does that data aid in the decryption of the file? Would this exploit
> be applicable to symmetric encryption methods as well?

-- 
David Tomaschik
OpenPGP: 0x5DEA789B
http://systemoverlord.com
da...@systemoverlord.com


Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-31 Thread Mark H. Wood
On Thu, Jan 30, 2014 at 11:48:13PM -0800, Paul R. Ramer wrote:
[snip]
> Just know that no one is going to attack the cipher itself to get to your
> messages.  There are much easier methods such as installing a key logger.
> Why beat the door down if you can open the window?

Well...that depends on the value of the information, the assets of the
adversary, and the cost of failure.  Passively capturing and analyzing
your traffic from 1000km away offers little hope but also little risk.
Active measures like remotely installing a software keylogger can be
detected and resisted or undone.  Active measures like installing a
hardware keylogger can get the adversary shot dead in the act, or
result in exposure that would be far more costly to his employers than
the failure of his individual mission.

I would likely agree that nobody is going to attack the cipher to get
*my* secrets.  Most people haven't got anything worth that much time
and effort.  The greatest expectation of reward probably lies in
waiting for me to make a misteak.

-- 
Mark H. Wood, Lead System Programmer   mw...@iupui.edu
Machines should not be friendly.  Machines should be obedient.




cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-30 Thread Donald Morgan Jr.
If you know a user has a signature that they use to always end a message
with, does that data aid in the decryption of the file? Would this exploit
be applicable to symmetric encryption methods as well?


Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-30 Thread Faramir
On 30-01-2014 18:15, Donald Morgan Jr. wrote:
> If you know a user has a signature that they use to always end a
> message with, does that data aid in the decryption of the file?
> Would this exploit be applicable to symmetric encryption methods as
> well?

  I think padding helps to avoid that, but I'm not sure if gpg uses
padding at the symmetric encryption step.

  Best Regards



cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-30 Thread Michael Anders
Short answer: No.
This would be a form of a (partially) known plaintext attack.
Semantically secure ciphers are safe against this attack and it is not
possible to extract information on the key. To be precise, you may of
course be able to guess a lot in the plaintext domain: "Edward Snowden is a
%@µ" does leak further information and could easily be fully
deciphered. But this has nothing to do with cryptography.

However, in plain CBC or counter mode (CTR) for the symmetric encryption
it would be possible to change the blocks of known content against
content of your liking. This is especially easy and undetectable to the
recipient for CTR-mode (just XOR it out). In CBC mode it is more
complicated and you would usually mess up some other parts of the
decrypted message to unreadable gobbledonk.
That is why you need special provisions to protect the authenticity of
the cipher in transit if you are using symmetric cryptography only. In
this case knowledge of the shared symmetric key is sort of proof that
you are a legitimate sender. I don't know how gpg does it, in academic
signature I use an hmac to protect solely symmetrically enciphered
messages. There are standardized modes you might use to achieve that
e.g. EAX or CCM.
In an asymmetrically enciphered message it makes sense only to use
digital signatures to protect the message or cipher (as opposed to the
EAX, CCM or other symmetrically authenticated modes). Here the symmetric
key is created on the fly for just this message and knowledge of the
symmetric key alone would be no proof of anything other than that the
sender is the sender. 
If you have a shaky system that might get disrupted by feeding it
maliciously crafted information, it would make sense to asymmetrically
sign the cipher and only decrypt if the signature is valid. Generally it
is logically more sound to sign the content and then symmetrically
encipher content and signature. Again I don't know how gpg does it. Maybe
someone knowing the gpg internals might supply the information.

Some people may disagree on the content of this last paragraph regarding
usefulness of authenticated symmetric encryption in combination with
asymmetric cryptography. There is even a proposed standard ECIES which
combines asymmetric cryptography with symmetrically authenticated
ciphers. I do not consider ECIES to be logically sound. 

If you are interested in this topic, you may have fun listening into Dan
Boneh's great lectures on cryptography in coursera (for free).
https://www.coursera.org/courses?orderby=upcomingsearch=cryptography


regards
   Michael Anders




Re: cryptanalysis question: Does knowing some of the content of the message make the full message vulnerable to decryption?

2014-01-30 Thread Paul R. Ramer
On January 30, 2014 1:15:08 PM PST, Donald Morgan Jr. donaldmorga...@gmail.com wrote:
> If you know a user has a signature that they use to always end a message
> with, does that data aid in the decryption of the file? Would this exploit
> be applicable to symmetric encryption methods as well?

A common form of cryptanalytic research involves trying to find a faster than
brute force method of discovering a key when several plaintexts are known.  The
symmetric ciphers that are employed in GnuPG are, to my knowledge, very good in
their resistance to cryptanalysis, including this method.

Just know that no one is going to attack the cipher itself to get to your
messages.  There are much easier methods such as installing a key logger.  Why
beat the door down if you can open the window?

Cheers,

--Paul


--
PGP: 3DB6D884
