Encrypting same data with many keys...

nospam-seesignature at ceddec.com
Thu Aug 14 14:12:19 PDT 1997

On Wed, 13 Aug 1997, Ray Arachelian wrote:

> On Wed, 13 Aug 1997, Bill Stewart wrote:
> > The actual data is encrypted with IDEA, but the identical IDEA key is 
> > encrypted with each recipient's RSA key.  To avoid this attack,
> > PGP uses random padding after the IDEA key (which makes the message
> > encrypted with RSA different for each recipient, avoiding the trap.
> > Since IDEA keys are 128 bits long, and RSA moduli are typically 384-2047,
> > there's plenty of room for random noise in the format.)
> Would it not be more secure if it picked a different IDEA session key for
> each recipient?  Would be slower, but...

If there were random padding, I don't think it would increase the
security.  PGP uses one conventional key and multiple PK encryptions of
it, with different padding (I think).  Then you only have one message to
send out, i.e. pk1,pk2...pkn,convenc instead of pk1,cenc1 pk2,cenc2...

--- reply to tzeruch - at - ceddec - dot - com ---
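
The layout described in this message (pk1,pk2...pkn,convenc), as an added example that is not part of the original post and is not PGP's code. Assumptions: the RSA keys are constructed toy keys built from Mersenne primes (insecure, for illustration only), the padding follows the style of PKCS #1 v1.5 block type 2, a SHA-256 counter keystream stands in for IDEA, and all function names are hypothetical.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys

def make_key(a, b):
    """Constructed toy RSA key from Mersenne primes 2^a-1, 2^b-1 (insecure).
    One dict holds the public part (n) and the private part (d) for brevity."""
    p, q = 2**a - 1, 2**b - 1
    n = p * q
    return {"n": n, "d": pow(E, -1, (p - 1) * (q - 1)), "k": (n.bit_length() + 7) // 8}

def pad(session_key, k):
    """Build 00 02 <random nonzero bytes> 00 <session key>, k bytes long."""
    fill = bytes(secrets.randbelow(255) + 1 for _ in range(k - 3 - len(session_key)))
    return b"\x00\x02" + fill + b"\x00" + session_key

def wrap(session_key, key):
    """RSA-encrypt the freshly padded session key for one recipient."""
    return pow(int.from_bytes(pad(session_key, key["k"]), "big"), E, key["n"])

def unwrap(c, key):
    """RSA-decrypt, check the padding header, strip the random fill."""
    block = pow(c, key["d"], key["n"]).to_bytes(key["k"], "big")
    if block[:2] != b"\x00\x02":
        raise ValueError("bad padding")
    return block[block.index(b"\x00", 2) + 1:]

def conv(session_key, data):
    """Stand-in for IDEA: XOR with a SHA-256 counter keystream (same op both ways)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(session_key + i.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[i:i + 32], ks))
    return bytes(out)

def encrypt_to_all(plaintext, recipients):
    """One session key, one body, one padded RSA wrap per recipient."""
    session_key = secrets.token_bytes(16)  # 128 bits, as for IDEA
    return [wrap(session_key, r) for r in recipients], conv(session_key, plaintext)

def decrypt_as(index, key, message):
    """Recipient number `index` recovers the session key, then the body."""
    wraps, body = message
    return conv(unwrap(wraps[index], key), body)

if __name__ == "__main__":
    keys = [make_key(127, 107), make_key(521, 89), make_key(607, 61)]
    msg = encrypt_to_all(b"constructed sample message", keys)
    print([decrypt_as(i, k, msg) for i, k in enumerate(keys)])
```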
