[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
pgp-stealth (Re: Chosen-ciphertext attack on receiver anonymity)
There was some work done on this as a filter to pgp (2.x) called
Basically it should be able to make a reversible transformation where
the output has unbiased rectangular distribution throughout (for both
key-transport, and remove any boilerplate).
openpgp has become a bit more complex since pgp2x but I think there
are potential customers for this -- as input to steganography
There was some discsussion a long time ago now in the context of the
feature under discussion here of whether pgpstealth-like functionality
could be added as a builtin feature of a pgp implementation.
As an external filter I'm not sure the 0x000... or short keyid would
really help the transformation because the transformation has to
anyway be wrt a specific key. ie so you're actually trying each key
with a trial transformation so it would actually hook either
externally where the empty keyid picks a key, does trial
transformation, tries to decrypt, fails, skips to the next keyid in
Of course there are also other potential uses for hiding the recipient
-- broadcast of a message (eg to alt.anonymous.messages), where the
recipient is by prior arrangement scanning for messages he can
Anyway pgp-stealth is at present a bit of an orphan project. It might
be interesting / useful to update it as a standalone filter working
with openpgp or re-write it as a gnupg extension, or something like
On Tue, Jul 12, 2005 at 04:18:20PM -0700, Brent Waters wrote:
> It seems from everyone's comments that there is a desire/need to complete
> this particular RFC, which makes sense.
> I do think, however, that it would also make sense to eventually define an
> encryption standard that has "Key-Privacy" built in. I think the norm
> should be for the ciphertext not to reveal the receiver's identity. If
> an application wishes to do so they can always tag the ciphertext with the
> identity and an application that does not wish to do so is not forced to.
> Anyway, if anyone has interest furthering this idea on a different venue
> let me know.
> On Wed, 6 Jul 2005, Jon Callas wrote:
> >>Right, that's what I feared. Has anyone actually
> >>implemented it *and* seen a benefit out in the field?
> >I think we should leave it the way it is.
> >Sorry. I want to put this RFC to bed, and that means we have to stop
> >making tweaks.
> > Jon