Subj : Re: Decoding this...
To   : Vk3jed
From : Bbsing.Bbs
Date : Thu Aug 08 2019 10:51 am

-=> Vk3jed wrote to Bbsing.Bbs <=-

-=> On 08-02-19 23:48, Bbsing.Bbs wrote to Vk3jed <=-

-=> Vk3jed wrote to Bbsing.Bbs <=-


Vk> Hmm, OK. :)  So multiple ciphertexts, each a copy of the same
Vk> plaintext

Bb> No.., one ciphertext, but within the encoded message exists multiple
Bb> public keys.
Bb> I haven't tried to actually identify a public key in a ciphertext
Bb> message outside of the gnupg functions. .. you can imagine though, the
Bb> more public keys aka recipients, the larger the ciphertext message can
Bb> get.

Vk> But given that encryption is normally done by a combination of public
Vk> and private keys in pairs, how does that work?

What I haven't done is look at a few file attributes where adding more public
keys increases the size of the ascii armor file.

If it does increase, then you could possibly assume mathematically that the
difference between the same message with 1 recipient vs 2 recipients where
recipient 1 is in both messages, the difference would be recipient 2 and you
would be able to obtain their public key.

How to find out? .. well it may be possible via gnupg.
If you are in the recipient list, .. maybe remove all your secret keys from
your key ring, and attempt to decrypt using gnupg and see what keys it's asking
for. Once you find out, then you can re-import your key and attempt to pull the
other recipient's public key out.

A major problem exists due to salting. Where salting makes each encrypted
message unique so how to overcome that where you have the original message,
your public key, and some other unknown key inside the message, the deduction
starts with (the message + your public key) - (unknown recipient public key.
salt .. now you have this other unknown.

I will have to spin up a vm and attempt these tests. I've never tried it. I'm
sure someone has already thought of this and tested it, but I've never researched
it before.

In cases of cracking .. it's best to just obtain the user's key ring, and attempt
brute force on each secret key.

Vk> Offline mail does work well for PGP/GPG.  I used to have a PGP add-on
Vk> for Bluewave back in the day.  A similar add-on could work for GPG and
Vk> Multimail. It hooked the editor, the offline reader would call the
Vk> encryption system, and if you wanted to write a message, the system
Vk> would then pass control to the actual editor.

I will have to attempt to enable pgp for multimail.

... BBSING
--- MultiMail/Linux v0.49
* Origin: Electronic Warfare BBS | bbs.ewbbs.net | CBNET HQ (21:1/138)