On Wed, 13 Aug 1997, Bill Stewart wrote:
> The actual data is encrypted with IDEA, but the identical IDEA key is encrypted with each recipient's RSA key. To avoid this attack, PGP uses random padding after the IDEA key (which makes the message encrypted with RSA different for each recipient, avoiding the trap). Since IDEA keys are 128 bits long, and RSA moduli are typically 384-2047, there's plenty of room for random noise in the format.
Would it not be more secure if it picked a different IDEA session key for each recipient? It would be slower, but...

=====================================Kaos=Keraunos=Kybernetos==============
 .+.^.+. | Ray Arachelian       | Prying open my 3rd eye. So good to see   | ./|\.
 ..\|/.. | sunder@sundernet.com | you once again. I thought you were       | /\|/\
 <--*--> | ------------------   | hiding, and you thought that I had run   | \/|\/
 ../|\.. | "A toast to Odin,    | away chasing the tail of dogma. I opened | .\|/.
 .+.v.+. | God of screwdrivers" | my eye and there we were....             | .....
======================= http://www.sundernet.com ==========================
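The point Bill is making, as an added Python example that is not from this thread or from PGP: with a small public exponent (e=3 here), wrapping the same 128-bit session key for three recipients with textbook RSA lets anyone holding the three ciphertexts recover the key by CRT and an integer cube root (Håstad's broadcast attack), while random padding after the key makes each ciphertext different, so the same recovery fails and every recipient still unwraps the key. Key sizes, the key-then-120-random-bits layout and all function names are assumptions of this example.

```python
import math, random, secrets
E = 3           # small public exponent: the case the broadcast attack targets
PAD_BITS = 120  # random bits placed after the 128-bit session key (assumed layout)

def is_probable_prime(n, rounds=16):  # Miller-Rabin for odd n > 3 (toy keys only)
    s = ((n - 1) & -(n - 1)).bit_length() - 1  # n - 1 == 2**s * d with d odd
    d = (n - 1) >> s
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_key(bits=130):  # toy RSA key (n, e, d); n has ~260 bits, gcd(e, phi) == 1
    def prime():
        while True:
            p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
            if math.gcd(E, p - 1) == 1 and is_probable_prime(p):
                return p
    p, q = prime(), prime()
    return p * q, E, pow(E, -1, (p - 1) * (q - 1))

def encrypt_to_all(session_key, keys, padded):  # padded=False is textbook RSA
    cts = []
    for n, e, _ in keys:
        m = (session_key << PAD_BITS) | secrets.randbits(PAD_BITS) if padded else session_key
        cts.append(pow(m, e, n))
    return cts

def unwrap(ct, key):  # recipient side: RSA-decrypt, then drop the padding
    n, _, d = key
    return pow(ct, d, n) >> PAD_BITS

def icbrt(x):  # smallest r with r**3 >= x; exact when x is a perfect cube
    lo, hi = 0, 1 << (x.bit_length() // 3 + 2)
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (mid + 1, hi) if mid ** 3 < x else (lo, mid)
    return lo

def recover_from_broadcast(cts, moduli):  # CRT gives m**3 as an integer when m**3 < prod(moduli)
    M = math.prod(moduli)
    m3 = sum(c * (M // n) * pow(M // n, -1, n) for c, n in zip(cts, moduli)) % M
    return icbrt(m3)
```

With padding the cube root of the CRT value is just noise, which is why the check for the padded ciphertexts fails by design.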