Encrypting same data with many keys...
nospam-seesignature at ceddec.com
nospam-seesignature at ceddec.com
Wed Aug 13 08:53:57 PDT 1997
On Tue, 12 Aug 1997 amp at pobox.com wrote:
> > > What if instead of using a private key cypher, we used a public key
> > > cypher? Would that make any difference in attack methods?
> >
> > Yes.
> >
> > Having identical plaintexts raised to the same power modulo different
> > numbers makes the solution much easier. If you have enough RSA
> > encryptions of the same number to the same power, you can solve it
> > outright by the remainder theorem.
>
> So would that then be a possible weakness in encrypting to multiple
> recipients with PGP? Probably not, since the actual data is encrypted with
> idea.
PGP uses and E of 17 by default, but it would be a problem except that
there is a specification for random padding, so it *NEVER* encrypts
identical plaintext. It always uses a number just a few bits shorter than
N, starting with 0x02, then nonzero random bytes, then a zero byte, and
finally the message bytes you want to encrypt.
There was a man-in-the-middle or replay attack with SSL that they changed
the spec of the padding slightly (8 bytes before the zero byte must be
0x03), I think this is because you might be able to quickly find a random
cyphertext that decrypts to having a zero byte followed by something
useful as key material, but haven't read the details.
--- reply to tzeruch - at - ceddec - dot - com ---
More information about the cypherpunks-legacy
mailing list