[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Encrypting same data with many keys...




At 05:37 PM 8/12/97 -0500, [email protected] wrote:
>So would that then be a possible weakness in encrypting to multiple 
>recipients with PGP? Probably not, since the actual data is encrypted with 
>idea.

The actual data is encrypted with IDEA, but the identical IDEA key is 
encrypted with each recipient's RSA key.  To avoid this attack,
PGP uses random padding after the IDEA key (which makes the message
encrypted with RSA different for each recipient, avoiding the trap.
Since IDEA keys are 128 bits long, and RSA moduli are typically 384-2047,
there's plenty of room for random noise in the format.)


#			Thanks;  Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp
#   (If this is a mailing list or news, please Cc: me on replies.  Thanks.)