Re: separation of signed and encrypted messages

"Michael Young" <mwy-opgp97@the-youngs.org> Tue, 16 October 2001 17:45 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id NAA12355 for <openpgp-archive@odin.ietf.org>; Tue, 16 Oct 2001 13:45:43 -0400 (EDT)
Received: from localhost (localhost [[UNIX: localhost]]) by above.proper.com (8.11.6/8.11.3) id f9GHVSI05763 for ietf-openpgp-bks; Tue, 16 Oct 2001 10:31:28 -0700 (PDT)
Received: from xfw.transarc.ibm.com (xfw.transarc.ibm.com [192.54.226.51]) by above.proper.com (8.11.6/8.11.3) with ESMTP id f9GHVQD05758 for <ietf-openpgp@imc.org>; Tue, 16 Oct 2001 10:31:26 -0700 (PDT)
Received: from mailhost.transarc.ibm.com (mailhost.transarc.ibm.com [9.38.192.124]) by xfw.transarc.ibm.com (AIX4.3/UCB 8.7/8.7) with ESMTP id NAA10566 for <ietf-openpgp@imc.org>; Tue, 16 Oct 2001 13:22:57 -0400 (EDT)
Received: from mwyoung (dhcp-195-23.transarc.ibm.com [9.38.195.223]) by mailhost.transarc.ibm.com (8.8.0/8.8.0) with SMTP id NAA17165 for <ietf-openpgp@imc.org>; Tue, 16 Oct 2001 13:31:22 -0400 (EDT)
Message-ID: <009a01c15668$5d5abde0$dfc32609@transarc.ibm.com>
From: Michael Young <mwy-opgp97@the-youngs.org>
To: ietf-openpgp@imc.org
References: <OE58s955E3yIyEOadke00001939@hotmail.com> <008201c15657$4b6f1880$dfc32609@transarc.ibm.com> <OE55rFHLqbp3eccmgeR00001add@hotmail.com>
Subject: Re: separation of signed and encrypted messages
Date: Tue, 16 Oct 2001 13:31:17 -0400
MIME-Version: 1.0
Content-Type: text/plain; charset="Windows-1252"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
X-MIMEOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

-----BEGIN PGP SIGNED MESSAGE-----

vedaal wrote:
> for an rsa key,
> if one has the session key, ciphertext and plaintext,
> and, at some point, 
> *if*
> md5 is 'fully' broken,
> would it not be possible to retrieve the secret key and passphrase?

I think you may have two different uses of symmetric keys mixed up.
A symmetric key protects the private part of your public/private keypair;
it is the one generated from your passphrase (using a hash, such as MD5).
Another "session key" protects the contents of a message; for messages
encrypted to a public key, it is random, and involves no hashing or
passphrase.

An "attacker" can already generate any number of session keys and
ciphertexts to go with your plaintext and signature (once you're
willing to reveal that).  They can encrypt those session keys with
your public key.  Giving out the one session key for a particular
ciphertext does no harm, unless that session key is (improperly)
related to others.

If you were considering encrypting directly to a passphrase, and the
hash were *badly* broken (such that you could generate pre-images of a
constrained pattern from an end hash), then indeed, this could be
a concern.  From the session key and salt, you might be able to
back-compute the passphrase.  If it were used elsewhere, then you
could be in trouble.  Still a little far-fetched.  Moreover,
you said "RSA", so I don't think this is what you meant.

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.3

iQEVAwUBO8xuxGNDnIII+QUHAQELKggAptcs6Eirbbm4HGTsBeIDdypPDbOsKrZq
42u7g69nnE7ulfPQOfGhya3xDSf/dj79e5Mxu3s3JG/xPjFTiKScwHiuw1eGdnaK
KD64Ex/gdsXxzTmSWjQwarG3fEv9eve2j9Wsr6rkEgmayzu+8NC/FvbOQBaS0KOA
SE+w+Dn8kmhiHHmERtNMh8z9q12UapgTR75pUQu5ncvpXZvz0ICsd7OSfuF04E13
z7GiU3BMQM66VwOwek1a3rEqEdu8mJkUwLatxMzFFjDSrcrnvxYuCS8HGEJG028Q
gA6ZPUgrLDh6uqBir9FnsJatKrQhge6SnbboBNlrImq2kvwEdHHG1Q==
=w7IG
-----END PGP SIGNATURE-----
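The two unrelated symmetric keys described in the reply above, as an added illustration that is not code from the post or from any OpenPGP implementation. It uses toy primitives chosen for the example: a SHA-256 based iterated-and-salted string-to-key step standing in for the MD5 one under discussion, a SHA-256 counter-mode keystream standing in for the message cipher, and textbook RSA over the Mersenne primes 2^127-1 and 2^107-1 (no padding, far too small for real use). The passphrase-derived key locks the private key; a fresh random session key locks each message and is wrapped to the public key; anyone holding the plaintext and the public key can mint as many valid (session key, wrapped key, ciphertext) triples as they like, which is why handing out one of them discloses nothing about the passphrase.

```python
"""Passphrase-derived key vs. random session key (toy OpenPGP-style model).

Added example, not from the mailing-list post.  All primitives are
stand-ins built from the standard library; parameter values are constructed.
"""
import hashlib
import os
import secrets

S2K_SALT_LEN = 8         # constructed: OpenPGP salted S2K also uses 8 bytes
S2K_ITERATIONS = 65536   # constructed iteration count for the example


def s2k(passphrase: bytes, salt: bytes, iterations: int = S2K_ITERATIONS) -> bytes:
    """Iterated-and-salted string-to-key, loosely modelled on OpenPGP S2K
    (salt || passphrase fed through the hash many times).  SHA-256 here
    stands in for the MD5 the thread talks about."""
    h = hashlib.sha256()
    for _ in range(iterations):
        h.update(salt + passphrase)
    return h.digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy counter-mode keystream: SHA-256(key || counter) XORed over the data.
    Encryption and decryption are the same operation."""
    out = bytearray()
    for i, start in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], keystream))
    return bytes(out)


# Toy RSA keypair from two Mersenne primes; textbook RSA without padding.
P = (1 << 127) - 1
Q = (1 << 107) - 1
N = P * Q                         # about 2^234, large enough for a 16-byte key
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, the secret we protect


def wrap_session_key(session_key: bytes) -> int:
    """Encrypt a 16-byte session key to the public key (anyone can do this)."""
    return pow(int.from_bytes(session_key, "big"), E, N)


def unwrap_session_key(wrapped: int) -> bytes:
    """Recover the session key with the private exponent."""
    return pow(wrapped, D, N).to_bytes(16, "big")


def lock_private_key(private_exponent: int, passphrase: bytes) -> tuple[bytes, bytes]:
    """The only place the passphrase is used: its S2K-derived key encrypts
    the private key material.  Returns (salt, encrypted private exponent)."""
    salt = os.urandom(S2K_SALT_LEN)
    secret = private_exponent.to_bytes(32, "big")
    return salt, xor_stream(s2k(passphrase, salt), secret)


def unlock_private_key(salt: bytes, locked: bytes, passphrase: bytes) -> int:
    return int.from_bytes(xor_stream(s2k(passphrase, salt), locked), "big")


def encrypt_message(plaintext: bytes) -> tuple[bytes, int, bytes]:
    """Fresh random session key per message, wrapped to the public key.
    No passphrase, no hash of anything secret is involved."""
    session_key = secrets.token_bytes(16)
    return session_key, wrap_session_key(session_key), xor_stream(session_key, plaintext)


def decrypt_message(wrapped: int, body: bytes) -> bytes:
    return xor_stream(unwrap_session_key(wrapped), body)


def forge_triples(plaintext: bytes, count: int) -> list[tuple[bytes, int, bytes]]:
    """What the post's 'attacker' can already do with only the plaintext and
    the public key: produce any number of valid (session key, wrapped key,
    ciphertext) triples.  Revealing one such triple therefore adds nothing."""
    return [encrypt_message(plaintext) for _ in range(count)]


if __name__ == "__main__":
    salt, locked = lock_private_key(D, b"correct horse battery staple")
    assert unlock_private_key(salt, locked, b"correct horse battery staple") == D
    for session_key, wrapped, body in forge_triples(b"the same plaintext", 3):
        assert unwrap_session_key(wrapped) == session_key
        assert decrypt_message(wrapped, body) == b"the same plaintext"
    print("session keys are independent of the passphrase-derived key")
```

The forged triples are all legitimately decryptable by the key holder, which is the reply's point: a disclosed session key is just one more such triple, and only a session key that is (improperly) related to others, or one derived from a passphrase under a badly broken hash, would change that.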