I have wondered how easy it would be to throw a spanner in the works of
any expert hacker attempting to decrypt pgp-encrypted TEXT. I have in
mind slightly "corrupting" the ASCII-armored output by, e.g.,

(1) swapping the first and second digits on line 6, or
(2) inverting the case of the first alphabetic character on line 6, or
(3) swapping the complete line 6 with line 7, or
(4) removing line 6 entirely (and transmitting it separately by a totally
secure means.

How easy should I expect it to be for an expert decrypter to
(i) identify the spot in the encrypted file where there is an "error",
(and hence try all feasible possibilities in an attempt to find a
fix), or
(ii) succeed in decripting at least part of the file in the face of any
one of these corruptions, in the event that he is unable to find
a fix that overcomes my deliberate alterations.)

Basically, I'm interested in knowing how far through the decryption
process one small error in the ASCII-armored code will fatally propagate.
--
Truthfullness, Compassion, Tolerance.

[ Post a follow-up to this message ]

["Followup-To:" header set to alt.privacy.anon-server.]
On Fri, 18 Nov 2005 06:34:34 +0100, Falun Gong wrote in
Message-Id: <b79d1666260ebfe53c5b88e505d6e545@msgid.frell.theremailer.net>:

> I have wondered how easy it would be to throw a spanner in the works of
> any expert hacker attempting to decrypt pgp-encrypted TEXT. I have in
> mind slightly "corrupting" the ASCII-armored output by, e.g.,
With respect, I doubt an "Expert Hacker" would even attempt to decrypt a
PGP encrypted message that he didn't have the key for.  Even if it was
clearly understood that the message in question was of enourmous value,
he would still appreciate the futility of trying.

--
pub  1024D/8ED57743 2003-07-08 Bananasplit Operator
Key fingerprint = 796F 67E0 E890 A0BB BDAE  EBB4 94A6 7A09 8ED5 7743
uid                            Admin <admin.bananasplit.info>

[ Post a follow-up to this message ]

On Fri, 18 Nov 2005 09:55:32 +0000 (UTC), Zax
<fleegle@bananasplit.info> wrote:

>["Followup-To:" header set to alt.privacy.anon-server.]
>On Fri, 18 Nov 2005 06:34:34 +0100, Falun Gong wrote in
>Message-Id: <b79d1666260ebfe53c5b88e505d6e545@msgid.frell.theremailer.net>:
> 
>With respect, I doubt an "Expert Hacker" would even attempt to decrypt a
>PGP encrypted message that he didn't have the key for.  Even if it was
>clearly understood that the message in question was of enourmous value,
>he would still appreciate the futility of trying.
>
>--
>pub  1024D/8ED57743 2003-07-08 Bananasplit Operator
>     Key fingerprint = 796F 67E0 E890 A0BB BDAE  EBB4 94A6 7A09 8ED5 7743
>uid                            Admin <admin.bananasplit.info>
>
does that also apply for pgp "conventional encryption"?
ukmp

[ Post a follow-up to this message ]

On Fri, 18 Nov 2005 14:51:37 GMT, ukmp@otherdayjob.gravytrain.co.uk wrote:

>does that also apply for pgp "conventional encryption"?

Hi. Let me take a stab at that. Any PGP msg already uses conventional
(symmetric) encryption. If I were to send a PGP encrypted msg to you using
your public key, it would work like this, IIRC:

The msg is first encrypted using conventional encryption. Then the key to
decrypt that, is itself encrypted using your public key. The newly
encrypted key is combined with the conventionally encrypted msg, and
bundled with some headers. The whole thing might then be "ascii armored' to
allow it to be sent through email.

When you receive it, you first use your private key to decrypt the
conventional key. Then you use the conventional key to decrypt the body of
the msg.

Why not just use the asymmetric encrytion/decryption for the entire
process? That's because it would take rather longer. For msgs like this, it
probably wouldn't matter much at all. But for large files, or for a PGP
remailer doing many small messages, it would.

On top of that, your private key (from your asymmetric public/private pair)
is likely stored on your computer, as most all do, unless you keep it on
some other storage device. To prevent anybody from just lifting it and
using it to decrypt all of your incoming PGP msgs, that private key is
itself conventionally encrypted - with your passphrase - so only the
encrypted private key is stored.

So, whether PGP can be broken depends on the underlying ciphers, and also
the number of bits in a key.

HTH

and I'll await any corrections to what I've said 

[ Post a follow-up to this message ]

On Fri, 18 Nov 2005 06:34:34 +0100, Falun Gong wrote:
>I have wondered how easy it would be to throw a spanner in the works of
>any expert hacker attempting to decrypt pgp-encrypted TEXT. I have in
>mind slightly "corrupting" the ASCII-armored output by, e.g.,
>
>(1) swapping the first and second digits on line 6, or
>(2) inverting the case of the first alphabetic character on line 6, or
>(3) swapping the complete line 6 with line 7, or
>(4) removing line 6 entirely (and transmitting it separately by a totally
>    secure means.
>
>How easy should I expect it to be for an expert decrypter to
>(i) identify the spot in the encrypted file where there is an "error",
>    (and hence try all feasible possibilities in an attempt to find a
>    fix), or
>(ii) succeed in decripting at least part of the file in the face of any
>     one of these corruptions, in the event that he is unable to find
>     a fix that overcomes my deliberate alterations.)
>
>Basically, I'm interested in knowing how far through the decryption
>process one small error in the ASCII-armored code will fatally propagate.

Zax <fleegle@bananasplit.info> replied:
>With respect, I doubt an "Expert Hacker" would even attempt to decrypt a
>PGP encrypted message that he didn't have the key for.

The scenario I'm interested in is one where the attacker possesses both
the public and private keys.
--
Truthfullness, Compassion, Tolerance.

[ Post a follow-up to this message ]

Falun Gong wrote:

> On Fri, 18 Nov 2005 06:34:34 +0100, Falun Gong wrote: 
>
> Zax <fleegle@bananasplit.info> replied: 
>
> The scenario I'm interested in is one where the attacker possesses both
> the public and private keys.

In this case it wouldn't matter one bit what you did to any encrypted
because an educated attacker would have the ability to generate as much as
they wanted, and it would be known plaintext where your tampered with
message wouldn't be. No educated attacker wouldn't even mess with an
encrypted message at all until they'd already cracked the pass phrase. Why
take the chance someone might have corrupted the unknown encrypted text
after all. <grin>

> --
> Truthfullness, Compassion, Tolerance.

[ Post a follow-up to this message ]

On Wed, 23 Nov 2005 15:48:02 +0000, anon wrote:

> In this case it wouldn't matter one bit what you did to any encrypted
> because an educated attacker would have the ability to generate as much as
> they wanted, and it would be known plaintext where your tampered with
> message wouldn't be. No educated attacker wouldn't even mess with an
> encrypted message at all until they'd already cracked the pass phrase. Why
> take the chance someone might have corrupted the unknown encrypted text
> after all. <grin>

Can somebody translate that into English?

[ Post a follow-up to this message ]

On Fri, 18 Nov 2005 06:34:34 +0100, Falun Gong wrote:
>I have wondered how easy it would be to throw a spanner in the works of
>any expert hacker attempting to decrypt pgp-encrypted TEXT. I have in
>mind slightly "corrupting" the ASCII-armored output by, e.g.,
>
>(1) swapping the first and second digits on line 6, or
>(2) inverting the case of the first alphabetic character on line 6, or
>(3) swapping the complete line 6 with line 7, or
>(4) removing line 6 entirely (and transmitting it separately by a totally
>    secure means.
>
>How easy should I expect it to be for an expert decrypter to
>(i) identify the spot in the encrypted file where there is an "error",
>    (and hence try all feasible possibilities in an attempt to find a
>    fix), or
>(ii) succeed in decripting at least part of the file in the face of any
>     one of these corruptions, in the event that he is unable to find
>     a fix that overcomes my deliberate alterations.)
>
>Basically, I'm interested in knowing how far through the decryption
>process one small error in the ASCII-armored code will fatally propagate.

Zax <fleegle@bananasplit.info> replied:
>With respect, I doubt an "Expert Hacker" would even attempt to decrypt a
>PGP encrypted message that he didn't have the key for.

The scenario I'm interested in is one where the attacker possesses both
the public and private keys and has captured the passphrase.
--
Truthfullness, Compassion, Tolerance.

[ Post a follow-up to this message ]

On 25 Nov 2005, Falun Gong <falun.gong@oppressed.gov.ch> wrote:
>On Fri, 18 Nov 2005 06:34:34 +0100, Falun Gong wrote: 
>
>Zax <fleegle@bananasplit.info> replied: 
>
>The scenario I'm interested in is one where the attacker possesses both
>the public and private keys and has captured the passphrase.
>--

In that scenario, the attacker is now the owner and can read and write
anything. That is not considered an attack. Hope that didn't happen to you,
KYAGbye!

[ Post a follow-up to this message ]