[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Weak steganography
Hal said:
> Unfortunately, this doesn't presently work with PGP. PGP puts a
> header at the front of encrypted file which identifies it as a PGP
> file. This includes information about whether the file is RSA or IDEA
> encrypted, and if it is RSA encrypted it includes information about
> which key(s) it is encrypted with.
First, this is only true when the file is ASCII armored. You can
easily convert the file from armor to binary once you receive it and
then keep it in binary form. Second, if the file is encrypted, it
only contains the KeyID(s) of the recipient(s) in plain text, not the
sender.
> RSA encryption headers will be harder to remove, particularly because of
> the lack of a key ID to tell which secret key to decrypt with. We would
> just try the default key, I guess. But this would require a more extensive
> set of changes to PGP.
This is not necessrily true. I've been thinking of a way to try this.
Don't forget, you only have a limited number of secret keys to try, so
you try them all. How many keys could you have? 10, maybe? At most?
I, personally, only have one secret key. I could try it, and if it
fails, I know I couldn't read the file....
Basically, Hal, you are stretching the "problem" further than it needs
to go, IMHO. Relax a little and take a look at what you have at your
fingertips. :-)
-derek