Commercial PGP: Verifying Trustworthiness

Norman Hardy norm at netcom.com
Thu Aug 26 19:15:51 PDT 1993


Forwarding for cdodhner at indirect.com (Christian D. Odhner)
 
> 
> peter honeyman <honey at citi.umich.edu> says:
> > pgp and viacrypt will always generate differnt outputs: pgp
> > adds some pseudo-random stuff to the start of the file it is
> > encrypting to ensure that a file encrypts differently each time. 
> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk. The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.
> 
I could very well be wrong about this one, but since pgp uses a random
idea session key each time you encrypt, wouldn't that in fact ensure that
no two encryptions of the same file with the same public key are ever the
same? Why then would random stuff be needed? 
 
Happy Hunting, -Chris
<cdodhner at indirect.com>
PGP public key available upon request.






More information about the cypherpunks-legacy mailing list