RSA padding scheme
brian m. carlson
sandals at crustytoothpaste.net
Thu Jan 26 19:30:43 CET 2012
MFPA wrote:
> On Monday 23 January 2012 at 12:47:03 AM, in
> <mid:20120123004703.GB10912 at crustytoothpaste.ath.cx>, brian m. carlson
> wrote:
> > This is not a problem with OpenPGP because the attacker
> > never gets to see the value encrypted with RSA because
> > it's the symmetric key.
>
> Isn't that the same thing as the session key, which can be viewed
> using --show-session-key?
Yes, it is. However, decrypting a message does not automatically
provide the session key to the user (outside of the internal
functionality of the OpenPGP implementation). So what I'm saying is
that even if you have an oracle that will decrypt messages on demand and
provide them to the attacker, that doesn't mean that the oracle is going
to provide the session key used to decrypt that message, which you need
to conduct the attack.
Also, please, please, please don't ever CC me. This resulted in a major
delay as I deleted the message which I am now replying to and had to
cobble it together based on the archive. Please respect my
Mail-Followup-To and post replies only to the list.
--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20120126/54d4ae99/attachment.pgp>
More information about the Gnupg-users
mailing list