# RE: PGP scripting...

**From:** Beatie, Breck (ISSMountain View) (*BBeatie@iss.net*)

**Date:** 01/22/03

**Next message:**X-Force: "ISS Security Brief: Microsoft SQL Slammer Worm Propagation"

**Previous message:**Beatie, Breck (ISSMountain View): "RE: PGP scripting..."**Maybe in reply to:**Beatie, Breck (ISSMountain View): "RE: PGP scripting..."**Messages sorted by:**[ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 22 Jan 2003 15:27:01 -0500 From: "Beatie, Breck (ISSMountain View)" <BBeatie@iss.net> To: "Glynn Clements" <glynn.clements@virgin.net>

Ahhh, yes that does make more sense to me. Thank you for taking the

time to explain. And thank you for explaining it clearly and using

small words. I received several other responses privately that said

basically the same thing as you, but a lot less clearly.

Thanks again.

Breck

-----Original Message-----

From: Glynn Clements [mailto:glynn.clements@virgin.net]

Sent: Wednesday, January 22, 2003 12:06 PM

To: Beatie, Breck (ISSMountain View)

Cc: secprog@securityfocus.com; Andre Mariën

Subject: RE: PGP scripting...

Beatie, Breck (ISSMountain View) wrote:

*> > Please do not use public key encryption for bulk data, even if
*

*> > you accept the long times. It is a bad idea. If there are n
*

*> > possible messgaes, it only takes at most n trials to decrypt
*

*> > the message, no matter your key size (if the encrypting key is known;
*

*> > typically it is the public key and it is known).
*

*> > This problem is justification in itself to have a two stage system
*

*> > for encryption of bulk data.
*

*> > (there is someone at counterpane that can explain it in more detail ;-)
*

*>
*

*> I'm not sure I understand the point of this message. It seems that
*

*> you are saying that you can figure out the cleartext message by taking
*

*> the n possible cleartext messages and encrypting with the known public
*

*> key until you find the cipher text. That much makes sense, but since
*

*> we were talking about encryption of bulk data it seems that the number
*

*> of possible messages would be VERY large and such an approach would
*

*> not be workable.
*

*>
*

*> It seems that your comment would even argue AGAINST the "two stage"
*

*> system that you're talking about. The total number of possible symmetric
*

*> keys would be much less than the total number of possible messages.
*

*>
*

*> But then I'm a bit of a crypto ignoramus. If you (or someone) would
*

*> elaborate a bit I would be grateful.
*

I think that you're misinterpreting the term "bulk data" slightly;

it is referring to the actual plaintext (subject to any

transformations such as compression), not necessarily to a *large*

amount of data.

The context may greatly reduce the set of possible plaintexts, even

below the size of a symmetric key. Suppose that you can guess almost

the entire plaintext (e.g. because it's generated automatically by a

specific piece of software), and the only thing which you *can't*

guess is a very small section e.g. a credit card number, you could

attempt a brute-force search of all plausible credit card numbers,

which is likely to be easier than brute-forcing a 128-bit symmetric

key.

To take an extreme (and somewhat contrived) example, suppose that you

know that the message will either be "The deal is on" or "The deal is

off"; although the message would occupy at least 112 bits as ASCII,

you only really have one bit of data, and you would only have to

encrypt the two candidate messages to determine which one was actually

sent.

In short, with the two-stage approach, you have a fixed lower bound on

the number of possible plaintexts, and for a 128-bit key, this is well

beyond brute-force viability with current hardware, even for the NSA.

OTOH, directly encrypting the plaintext provides no such lower bound.

-- Glynn Clements <glynn.clements@virgin.net>

**Next message:**X-Force: "ISS Security Brief: Microsoft SQL Slammer Worm Propagation"**Previous message:**Beatie, Breck (ISSMountain View): "RE: PGP scripting..."**Maybe in reply to:**Beatie, Breck (ISSMountain View): "RE: PGP scripting..."**Messages sorted by:**[ date ] [ thread ] [ subject ] [ author ] [ attachment ]