Cryptography Reference
In-Depth Information
For example, blocks are 8 bytes long in IDEA. What you do is shove the
ciphertext bytes into an 8-byte shift register and XOR one byte each with one
plaintext byte. The shift register is newly IDEA-encrypted every eight steps.
Nobody prevents you from encrypting the shift register more often, it just takes
more computation time. This is exactly what PGP does, only the distances
between encryptions can be irregular. This is one of Zimmermann's interesting
ideas. You can find details in the comment ahead of the
ideaCfbSync()
function
in the
idea.c
file.
The IV is put right in front of the encrypted message, as usual. In addition, the
last two bytes of the IV are ahead of the
unencrypted
message, which is then
encrypted together with these bytes. This allows you to easily check whether or
not the correct key is used during the decryption, as described in Section 5.1.3.
The
ideaCfbSync()
function mentioned above seems to be intended for better
security. But even without this trick, an attacker would have two bytes of
plaintext to go with a ciphertext at most, which won't do him any good.
Traffic Analysis
National intelligence agencies are often not interested in the contents of mes-
sages at all, while being very interested in finding
who
sends a message
when
and
to whom
. Regularly recording these data supplies insightful information
about a user. You can read how this is done at
ftp.cs.colorado.edu:/pub/cs/techreports/schwartz/Email.Study.txt.Z
(This article is also included on our Web site: we will discuss this further in
Section 8.2.1.)
An encrypted PGP mail includes no information whatsoever about the receiver
or the sender. Of course, the mailer attaches such information, but it can be
easily forged. Some anonymous remailers let you blur the traces, albeit not
secret-service-proof. In contrast, PEM mail (see Section 7.2) contains a rather
large heap of information in the clear inside the header.
7.1.4 PGP Versions—OpenPGP and GnuPG
There is no question that PGP has become a standard. Though the design
leaves a couple of wishes unfulfilled (see below), it represents a cryptologically
