[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Commercial PGP: Verifying Trustworthiness



Forwarding for [email protected] (Christian D. Odhner)
 
> 
> peter honeyman <[email protected]> says:
> > pgp and viacrypt will always generate differnt outputs: pgp
> > adds some pseudo-random stuff to the start of the file it is
> > encrypting to ensure that a file encrypts differently each time. 
> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk. The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.
> 
I could very well be wrong about this one, but since pgp uses a random
idea session key each time you encrypt, wouldn't that in fact ensure that
no two encryptions of the same file with the same public key are ever the
same? Why then would random stuff be needed? 
 
Happy Hunting, -Chris
<[email protected]>
PGP public key available upon request.