Encrypting same data with many keys...

Bill Stewart stewarts at ix.netcom.com
Wed Aug 13 00:46:38 PDT 1997

At 05:37 PM 8/12/97 -0500, amp at pobox.com wrote:
>So would that then be a possible weakness in encrypting to multiple 
>recipients with PGP? Probably not, since the actual data is encrypted with 

The actual data is encrypted with IDEA, but the identical IDEA key is 
encrypted with each recipient's RSA key.  To avoid this attack,
PGP uses random padding after the IDEA key (which makes the message
encrypted with RSA different for each recipient, avoiding the trap.
Since IDEA keys are 128 bits long, and RSA moduli are typically 384-2047,
there's plenty of room for random noise in the format.)

#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 stewarts at ix.netcom.com
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#   (If this is a mailing list or news, please Cc: me on replies.  Thanks.)

More information about the cypherpunks-legacy mailing list