RE: PGP scripting...

From: Beatie, Breck (ISSMountain View) <BBeatie(at)iss.net>
Date: Wed Jan 22 2003 - 15:27:01 EST


Ahhh, yes that does make more sense to me. Thank you for taking the time to explain. And thank you for explaining it clearly and using small words. I received several other responses privately that said basically the same thing as you, but a lot less clearly.

Thanks again.

Breck

-----Original Message-----
From: Glynn Clements [mailto:glynn.clements@virgin.net]
Sent: Wednesday, January 22, 2003 12:06 PM
To: Beatie, Breck (ISSMountain View)
Cc: secprog@securityfocus.com; Andre Mariën
Subject: RE: PGP scripting...

Beatie, Breck (ISSMountain View) wrote:

> > Please do not use public key encryption for bulk data, even if

I think that you're misinterpreting the term "bulk data" slightly; it is referring to the actual plaintext (subject to any transformations such as compression), not necessarily to a *large* amount of data.

The context may greatly reduce the set of possible plaintexts, even below the size of a symmetric key. Suppose that you can guess almost the entire plaintext (e.g. because it's generated automatically by a specific piece of software), and the only thing which you *can't* guess is a very small section e.g. a credit card number, you could attempt a brute-force search of all plausible credit card numbers, which is likely to be easier than brute-forcing a 128-bit symmetric key.

To take an extreme (and somewhat contrived) example, suppose that you know that the message will either be "The deal is on" or "The deal is off"; although the message would occupy at least 112 bits as ASCII, you only really have one bit of data, and you would only have to encrypt the two candidate messages to determine which one was actually sent.

In short, with the two-stage approach, you have a fixed lower bound on the number of possible plaintexts, and for a 128-bit key, this is well beyond brute-force viability with current hardware, even for the NSA. OTOH, directly encrypting the plaintext provides no such lower bound.

-- 
Glynn Clements 
Received on Wed Jan 22 16:20:27 2003
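
The point made in the message above, as an added example that is not part of the original thread: a deterministic public-key ciphertext lets anyone holding the public key confirm a guessed plaintext, while wrapping a random 128-bit session key does not. Assumptions: the "direct" scheme is unpadded RSA, the key is a constructed toy key built from two Mersenne primes, and `toy_cipher` is a stand-in for a real symmetric cipher.

```python
import hashlib
import secrets

# Constructed toy public key (assumption): two Mersenne primes, far too small for real use.
P, Q, E = 2**107 - 1, 2**127 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, used only to show the round trip

def rsa_encrypt(data: bytes) -> int:
    """Unpadded, deterministic RSA: the same input always gives the same output."""
    return pow(int.from_bytes(data, "big"), E, N)

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher (SHA-256 counter keystream XOR); it is its own inverse."""
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_encrypt(msg: bytes):
    """Two-stage approach: random 128-bit session key; only the key goes through RSA."""
    session_key = secrets.token_bytes(16)
    padded = msg.ljust(32, b"\0")  # fixed length so the body size leaks nothing here
    return rsa_encrypt(session_key), toy_cipher(session_key, padded)

def hybrid_decrypt(wrapped: int, body: bytes) -> bytes:
    """Recover the session key with the private exponent, then undo the keystream."""
    session_key = pow(wrapped, D, N).to_bytes(16, "big")
    return toy_cipher(session_key, body).rstrip(b"\0")

def confirm_guess(rsa_ciphertext: int, candidates):
    """Re-encrypt each candidate with the public key; a match confirms the plaintext."""
    for guess in candidates:
        if rsa_encrypt(guess) == rsa_ciphertext:
            return guess
    return None

CANDIDATES = [b"The deal is on", b"The deal is off"]

if __name__ == "__main__":
    direct = rsa_encrypt(b"The deal is off")
    print("direct RSA, guess confirmed:", confirm_guess(direct, CANDIDATES))
    wrapped, body = hybrid_encrypt(b"The deal is off")
    print("two-stage, guess confirmed:", confirm_guess(wrapped, CANDIDATES))
    print("two-stage round trip:", hybrid_decrypt(wrapped, body))
```

In the two-stage case the value that passes through RSA is one of 2**128 equally likely keys, so re-encrypting the two candidate messages matches nothing.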

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:45 EDT

