-----BEGIN PGP SIGNED MESSAGE----- In article <199603060542.VAA28896@ix9.ix.netcom.com>, Bill Stewart <stewarts@ix.netcom.com> wrote:
On the other hand, it really only costs you one IDEA encryption if you want to use the multiple-recipients options to PGP. With the current PGP, this means you don't have to hack your own crypto code; the toolkits in PGP 3.0 will make that easier, though.
True, and reasonable. Suppose, though, that the Cypherpunks list was encrypted in this way. There are about a thousand listmembers. Using one IDEA key and the multiple-recipients option would mean that the encrypted message would consist of a thousand RSA-encrypted session keys followed by the IDEA-encrypted cyphertext. If everyone used a 1024-bit-or-longer key pair, then each message would be a megabyte long! ( (m**P) mod n is going to be log2(n) bits long, right?) BTW, it was pointed out to me in private email that while vanilla RSA commutes, the PKCS-compliant RSA in PGP which pads the session key with random data does not, so that my nifty trick to never expose cleartext in the list processor wouldn't work. That's why I'm just a loudmouth blowhard and not a real cryptographer. ;-) - -- Alan Bostick | "If I am to be held in contempt of court, Seeking opportunity to | your honor, it can only be because the court develop multimedia content. | has acted contemptibly!" Finger abostick@netcom.com for more info and PGP public key -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMUB7v+VevBgtmhnpAQHKXwMAhcjT3R6hE8jtGBEY3uHZ7Y3cOycQEpXP dSQ2TsK27vYpCCjFBe3JauxLBBpM6yPqhPq8rSerNaQ7a8lhAWB4UwcUTwh9S7U3 PobslFhkFEwPd9jnZwY4g0ZZKb3iABIO =sLrM -----END PGP SIGNATURE-----