On Fri, 11 Mar 1994 01:00:37 -0500 (EST), Matthew J Ghio <mg5n+@andrew.cmu.edu> said:
boldt@math.ucsb.edu (Axel Boldt):
Even the current pgp encryption scheme offered by some remailers doesn't help much, once the incoming and outgoing messages are known: just take the outgoing message from the remailer, encrypt it with the remailer's public key, compare this to the incoming messages and you know who sent this message (repeat if a chain of remailers was used).
Nope... PGP encrypts the message with a random IDEA key, and then encrypts the IDEA key with RSA. You'd have to guess which IDEA key was used, and encrypt that with RSA. The SS couldn't guess 2^128 possible IDEA keys [...]
Thanks for pointing this out. I wasn't aware of the fact that pgp encrypting is not deterministic in the sense that encrypting the same message with the same public key need not result in the same output. I guess that makes my whole suggestion pointless.

Axel

P.S. Pardon my ignorance: Doesn't this scheme you describe above make the random generator the most attackable part of pgp encryption, thereby sidestepping the whole RSA stuff?
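Added example, not part of the original thread: a sketch of the re-encrypt-and-compare test discussed above, run against deterministic public-key encryption and against a PGP-style hybrid scheme with a fresh random session key. The toy RSA modulus, the SHA-256 keystream standing in for IDEA, the sample messages and all function names are assumptions constructed for illustration.

```python
import hashlib
import secrets

# Constructed toy RSA public key (two Mersenne primes); far too small for real use.
N = (2**61 - 1) * (2**89 - 1)
E = 65537

def rsa_raw(m: int) -> int:
    """Textbook RSA with no padding: the same input always gives the same output."""
    assert 0 <= m < N
    return pow(m, E, N)

def deterministic_encrypt(msg: bytes) -> tuple:
    """Encrypt 16-byte blocks directly under the public key (what the comparison assumes)."""
    return tuple(rsa_raw(int.from_bytes(msg[i:i + 16], "big"))
                 for i in range(0, len(msg), 16))

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for IDEA (assumption): XOR with a SHA-256 counter keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(msg: bytes, session_key: bytes = None) -> tuple:
    """PGP-style: random 128-bit session key wrapped with RSA, body under that key."""
    key = session_key or secrets.token_bytes(16)
    return (rsa_raw(int.from_bytes(key, "big")), keystream_xor(key, msg))

def link_by_reencryption(outgoing: bytes, incoming: list, encrypt) -> list:
    """Observer's test: re-encrypt the outgoing plaintext, look for an equal input."""
    candidate = encrypt(outgoing)
    return [i for i, c in enumerate(incoming) if c == candidate]

def demo() -> dict:
    # Constructed sample traffic: two senders, the observer sees msgs[1] leave.
    msgs = [b"constructed message from alice", b"constructed message from bob"]
    det_in = [deterministic_encrypt(m) for m in msgs]
    hyb_in = [hybrid_encrypt(m) for m in msgs]
    return {
        "deterministic": link_by_reencryption(msgs[1], det_in, deterministic_encrypt),
        "hybrid": link_by_reencryption(msgs[1], hyb_in, hybrid_encrypt),
    }

if __name__ == "__main__":
    print(demo())
```

Passing the same `session_key` twice reproduces the ciphertext exactly, so the unlinkability shown here rests on that key being unpredictable.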