Improvement of remailer security

Axel Boldt boldt at math.ucsb.edu
Fri Mar 11 14:49:41 PST 1994


On Fri, 11 Mar 1994 01:00:37 -0500 (EST), Matthew J Ghio
<mg5n+ at andrew.cmu.edu> said:

> boldt at math.ucsb.edu (Axel Boldt):

>> Even the current pgp encryption scheme offered by some remailers
>> doesn't help much, once the incoming and outgoing messages are
>> known: just take the outgoing message from the remailer, encrypt
>> it with the remailer's public key, compare this to the incoming
>> messages and you know who sent this message (repeat if a chain
>> of remailers was used).

> Nope...  PGP encrypts the message with a random IDEA key, and then
> encrypts the IDEA key with RSA.  You'd have to guess which IDEA key was
> used, and encrypt that with RSA.  The SS couldn't guess 2^128 possible
> IDEA keys [...]

Thanks for pointing this out. I wasn't aware of the fact that pgp
encrypting is not deterministic in the sense that encrypting the same
message with the same public key need not result in the same output.

I guess that makes my whole suggestion pointless.

Axel


P.S. Pardon my ignorance: Doesn't this scheme you describe above make
the random generator the most attackable part of pgp encryption,
thereby sidestepping the whole RSA stuff?
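An added illustration of the point settled in this exchange, not code from either poster and not PGP's own implementation: a hybrid scheme with a fresh random session key gives a different ciphertext each time, so re-encrypting the outgoing text and comparing it with incoming traffic no longer matches, while a predictable generator brings the match back, which is the concern raised in the P.S. Assumptions: the RSA modulus is a toy built from two Mersenne primes, a SHA-256 keystream stands in for IDEA, the seed 1994 is a constructed value, and all function names are hypothetical.

```python
import hashlib
import random
import secrets

# Toy RSA key built from two Mersenne primes (constructed; far too small for real use).
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 keystream), playing the role of IDEA."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def hybrid_encrypt(msg: bytes, session_key: bytes):
    """Encrypt msg under session_key, then wrap session_key with textbook RSA."""
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return wrapped, stream_xor(session_key, msg)

def hybrid_decrypt(ct):
    """Unwrap the 128-bit session key with the private exponent, then decrypt."""
    wrapped, body = ct
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return stream_xor(session_key, body)

def reencryption_links(incoming, outgoing_plain: bytes, key_source) -> bool:
    """The comparison from the thread: re-encrypt the outgoing text, compare to incoming."""
    return hybrid_encrypt(outgoing_plain, key_source()) == incoming

def weak_key() -> bytes:
    """Session key from a predictable generator (constructed seed)."""
    return random.Random(1994).getrandbits(128).to_bytes(16, "big")

def demo():
    msg = b"forwarded text leaving the remailer"  # constructed sample
    # Unpredictable session key: the observer's re-encryption does not match.
    strong = hybrid_encrypt(msg, secrets.token_bytes(16))
    strong_linked = reencryption_links(strong, msg, lambda: secrets.token_bytes(16))
    # Predictable generator: the same session key is reproduced, so the match returns.
    weak = hybrid_encrypt(msg, weak_key())
    weak_linked = reencryption_links(weak, msg, weak_key)
    return hybrid_decrypt(strong) == msg, strong_linked, weak_linked

if __name__ == "__main__":
    print(demo())
```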





