From: Lars.Nordstrom@abc.se
Date: Thu Nov 09 2000 - 13:24:58 CET
Hello all.
On 2000-11-08 mulinux@sunsite.auc.dk said:
mu>You can use PGP to decrypt, using the passphrase "mulinux".
mu>Is is true: this is my first real usage of the IDEA cryptography.
mu>(Ok, in this case this is not true "cryptography", but a sort
mu>of "steganography", or "cryptography against the baby" :-) )
Yes, it works.
And it is true encryption but with no public key. It uses a
secret key, the passphrase. But now that key isn't secret
anymore. :-)
mu>I would like to ask to Lars Nordstrom, own crypto-guy on the list,
mu>if there is a simple way to generate a key for the address
mu>mulinux@sunsite.auc.dk
mu>so every subscriber can read/send PGP encrypted message. How
mu>to handle a such mechanism? What kind of hand-shake is required
mu>beetween us, the subscribers?
AFAIK, this will be complicated and clumsy. I've seen
discussions on this subject in comp.security.pgp.discuss and
decided not to try it. :-)
PGP isn't designed to do this but can be used in several ways:
Each member of the list have the same secret key to decrypt the
messages which means it's not secret at all.
Each member has the public key of every other member and
encrypts all messages to everybody. Each message can be
encrypted with several keys so only one message needs to be
sent to the list.
Each member uses mulinux public key to encrypt and send a
message to the list. The list server has the public keys of
every list member. The server decrypts messages and encrypts
them again to each member with his/her public key and sends
them.
To decrypt a message on my own computer takes several seconds
and I have to write the passphrase for each one. For the
relatively low volume on this list it could be done for a few
days before I get tired of it. On a high volume list, well...
And then we have the problem of authenticating keys...
I can't see the benefit of an encrypted list but I've been
wrong before. Please tell.
What I have seen in other places is that the list moderator
signs each cleartext message. Then the readers can verify that
a message isn't forged.
Regards,
Lars
"Computers are like air conditioners
- they stop working properly when you open Windows"
Net-Tamer V 1.10.1 - Registered
---------------------------------------------------------------------
To unsubscribe, e-mail: mulinux-unsubscribe@sunsite.auc.dk
For additional commands, e-mail: mulinux-help@sunsite.auc.dk
This archive was generated by hypermail 2.1.6 : Sat Feb 08 2003 - 15:27:16 CET