pgpfan:downgrade
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |||
pgpfan:downgrade [2020/07/11 15:01] – A good way to think about this b.walzer | pgpfan:downgrade [2020/07/11 15:05] (current) – wrong identity case b.walzer | ||
---|---|---|---|
Line 5: | Line 5: | ||
When PGP is used in a unidirectional application like email a downgrade attack is impossible for the simple reason that any sort of negotiation of the method to be used is impossible. Negotiation would require some sort of reverse channel which in this case doesn' | When PGP is used in a unidirectional application like email a downgrade attack is impossible for the simple reason that any sort of negotiation of the method to be used is impossible. Negotiation would require some sort of reverse channel which in this case doesn' | ||
- | If you want to send someone an encrypted message using PGP you need one of their PGP identities. If that identity is, say, based on 2048 bit RSA encryption then you have to use 2048 bit encryption to encrypt that message. If you use any other type of encryption your correspondent will not be able to decrypt it as they will not have the corresponding private key. | + | If you want to send someone an encrypted message using PGP you need one of their PGP identities. If that identity is, say, based on 2048 bit RSA encryption then you have to use 2048 bit encryption to encrypt that message. If you use any other type of encryption your correspondent will not be able to decrypt it as they will not have the corresponding private key. |
+ | |||
+ | If you can trick someone into sending a message to the wrong PGP identity then you would not have to bother with a downgrade attack. You could just have them send the message to one of your PGP identities. | ||
Any preference information is embedded in the PGP identity (public key). This is the preference information from an identity generated from a recent version of GnuPG: | Any preference information is embedded in the PGP identity (public key). This is the preference information from an identity generated from a recent version of GnuPG: |
pgpfan/downgrade.1594479686.txt.gz · Last modified: 2020/07/11 15:01 by b.walzer