[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Improving resistance against attacks

To: <e$@thumper.vmeng.com>
Subject: Re: Improving resistance against attacks
From: "Myron Lewis" <mrlewis@xxxxxxxxxx>
Date: Thu, 18 Dec 1997 11:06:42 -0500
Cc: <pafei@xxxxxxxx>, <ietf-open-pgp@xxxxxxx>, "Dan Lewis Randall" <drandall@xxxxxxxxxx>
Sender: owner-ietf-open-pgp@xxxxxxx

Nice thinking, Patrick, but why go to all that trouble when there is a key
generator that continually generates unpredictable keys of any size as often
as you want  and synchronizes them across a link without transmitting any
info about them.  It's called the ASK ToolKit(tm).  See www.keygen.com

Regards,

Myron Lewis,
President,
KeyGen Corporation.
781-860-0108
-----Original Message-----
From: Robert Hettinga <rah@xxxxxxxxxxxxxx>
To: espam@xxxxxxxxxxxxxxx <espam@xxxxxxxxxxxxxxx>
Date: Wednesday, December 17, 1997 9:14 AM
Subject: Improving resistance against attacks


>---------------------------------------------------------------------
>This mail is brought to you by the e$pam mailing list
>---------------------------------------------------------------------
>
>From: Patrick Feisthammel <pafei@xxxxxxxx>
>Reply-To: Patrick Feisthammel <pafei@xxxxxxxx>
>To: ietf-open-pgp@xxxxxxx
>cc: Patrick Feisthammel <pafei@xxxxxxxx>
>Subject: Improving resistance against attacks
>MIME-Version: 1.0
>Sender: owner-ietf-open-pgp@xxxxxxx
>Precedence: bulk
>
>-----BEGIN PGP SIGNED MESSAGE-----
>
> Hi!
>
> After the thread about weak RSA keys in sci.crypt, I tought about
> improving the security against attacks on the public keys.
>
> My propoal in short: Use multiple keys at the same time.
>
>
> Why using multiple keys at the same time
> ========================================
> If a key is generated, there is a probability p, that there is a 'fast'
> algorithm to factorize this key. For two keys, the probability, that
> both are 'easy' to break is p^2. And therefore much smaler.
>
>
> How it works
> ============
> To encrypt some data d with two keys K1 and K2:
>   1. Create a one time pad o (random data) of the same length as d.
>   2. Encrypt the data d with o: c1= E(d, o)
>   3. Encrypt the result from step 2 with the key K1: c2= E(c1, K1)
>   4. Encrypt the one time pad with key K2: c3= E(o, K2)
>   5. The encrypted data is the concatenation of c2 and c3.
>
> To decrypt:
>   1. Decrypt c3 with K2: o= D(c3, K2)
>   2. Decrypt c2 with K1: c1= D(c2, K1)
>   3. Decrypt the data: d= D(c1, o)
>
> If key K1 is broken, only c2 can be decrypted. Because without the one
> time pad o, the knowledge about the data is still zerol
> If key K2 is broken, the one time pad is known, but this also does not
> give any information about the data d.
>
> Some thougths have to be done for multiple recipients, that two broken
> keys of different recipients don't reveal the cleartext.
>
>
> Communication with PGP 2.6.x and PGP 5.x
> ========================================
> The usage of two keys can easaly be added to the today version with
> one key:
>   - Add the information about the key id of the second key in the
>     public key, as non critical information.
>   - pgp-2keys checks if the receipient has a one-key public key. If he
>     has, the old encryption/signing is used. If not, the new system is
>     used.
> Users of pgp-1key will always encrypt/sign with only one key, which is the
> today used scheme. pgp-2key users can communicate with the schema
> proposed in this mail.
> This way it is fully compatible with todys versions. (Or at least as
> compatible as today versions)
>
>
> 2 keys or m keys
> ================
> Of course, this system can easaly be extended to the more general case
> of m keys. The keys could even be from other key algorithms.
>
>
> What do you think? Would this be a suitable way to reduce the risk
> given by the usage of one signle key?
> Could this be an idea for later versions of OpenPGP?
>
>
> Cheers, Patrick
>
>
>
>
>
>
> - --
>  PGP-KeyID: DD934139 (pafei@xxxxxxxx)    encrypt mail with PGP if possible
>  more about PGP on http://www.rubin.ch/pgp/ (in german only at the moment)
>
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3i
> Charset: noconv
>
> iQESAwUBNJeAe5VgYabdk0E5AQFLvgfkCKj+9dmpQMAYBxyKRKUnNpMIVvbIqOIB
> Cn/ja5vUy+Z9NPX8dBKkiqlTS2vbJV88awtnjGE761M0983kLiX8gzdzMUQoC8bM
> CJobaGHK9J1UjOzzJdCtxGbBYkqjVAU8UQec8d1d787u1MRcpjZg/AwOvcGLFLYs
> wXhWA89/wur9487Jc/wxx2gtf+rphgdQcLrSTxmx25LISwJG4jLPvINbWbk+YC7W
> jqB2vwHx0ZmEyyPOHsMpIqQ+Y9s1B2Mm9ckft9jcRbmG/w0MJezr58A8SWnbJHxl
> A3yAXCYivlwinfk6LyNBulh5YiV7N/rVPtj+mwRNgp5FsgPrZg==
> =8pFP
> -----END PGP SIGNATURE-----
>
>
>----------------------------------------------------------------------
>Where people, networks and money come together:        Consult Hyperion
>http://www.hyperion.co.uk/                          info@xxxxxxxxxxxxxx
>----------------------------------------------------------------------
>Full-Strength Cryptographic Solutions for Worldwide Electronic Commerce
>http://www.c2.net/                                    stronghold@xxxxxx
>----------------------------------------------------------------------
>Like e$? Help pay for it!
>For e$/e$pam contributions or sponsorship:  <mailto:rah@xxxxxxxxxxxxxx>
>----------------------------------------------------------------------

Prev by Date: Re: Where is the symmetric algorithm defined?
Next by Date: Re: Improving resistance against attacks
Previous by thread: Improving resistance against attacks
Next by thread: Re: Improving resistance against attacks
Index(es):
- Date
- Thread