On Friday, 22 August 2025 23:49:00 British Summer Time Javier Martinez wrote:
> On 23/8/25 at 0:34, Dale wrote:
> 
> > Javier Martinez wrote:
> > 
> >> On 22/8/25 at 23:45, Dale wrote:
> >> 
> >>> It is best when you start sending encrypted that you start a fresh
> >>> email, don't reply to an unencrypted email with an encrypted one.  If a
> >>> hacker figures out some of the message based on what was not encrypted,
> >>> it can then get the rest, or it makes it easier.  That's my
> >>> understanding anyway.
> >>
> >>
> >>
> >> I wouldn't be afraid of this. Why? If it were true, anybody who sends
> >> an encrypted mail could obtain the private key from the receiver, since
> >> they have the plain text message and the public key.
> >>
> >>
> >>
> >> Asymmetric cryptography is resilient because it uses math operands
> >> really bigger, not simple multiplications and divisions, instead
> >> exponential ones and modulus from divisions. So it's something like
> >> starting that 3/2=1 with a modulus of 1. You have modulus, you can
> >> have the number 2, but how many numbers divided by 2 have a mod of 1,
> >> you don't have the division result only one of the divisors. So it
> >> could be all odd ones. Which one would be the correct one? (that is
> >> our private key). The numbers usually are prime numbers, really big
> >> primes.
> >>
> >>
> >>
> >> This is a very simplistic (and surely wrong) approach but it's like
> >> this.
> > 
> > 
> > 
> > I'm no expert on this but I was told that mixing encrypted and not
> > encrypted could make it easier for it to be hacked.  If you are sure it
> > is not, then go ahead and send mixed ones.  If you right, no problem.
> > If you wrong, well, you the one that gets hacked. I hope it's not info
> > you don't want known to others.
> > 
> > Dale
> > 
> > 
> > :-)  :-)
> > 
> > 
> 
> Probably in some symmetrical cryptographic algorithms what you say
> could be true; here... I really doubt it.

Back in the era of the i386 CPU, cracking PGP was deemed infeasible, from a 
purely computationally-expensive point of deriving the larger prime factors.  
Hence, various side-channel attacks were conceived.  Today and in the future, 
with supercomputers and quantum computing experimentation, the problem of 
factoring the two primes probably becomes easier when unlimited amounts of 
money and huge computing power are applied to this effort.  Also, as Snowden 
had mentioned, entropy in many devices is inadequate, consequently weakening 
the resultant crypto.  I think for any single GPG encrypted email message, or 
file, with the session key being embedded in the message itself, the problem 
remains very difficult, but with the use of residue classes perhaps not 
impossible.  There's also the problem of compromised PCs and servers leaking 
private keys:

https://www.reddit.com/r/programming/comments/4hcvvi/200_pgp_keys_and_counting_publicly_broken/


The problem of cracking each and every session key however, all encrypted with 
different session keys, becomes totally impractical at present without having 
access to the private key.  Hence state actors have been storing all our 
communication data.  Store now, hoping to crack later.

GnuPG is already looking at post-quantum public-key algorithm extensions, but 
I'd guess most people are not using such keys yet:

https://www.ietf.org/archive/id/draft-wussler-openpgp-pqc-01.html

A public key on a keyserver is only to be trusted as far as the verified email 
account goes.  In itself it does not provide proof of the identity of the 
person who happens to own the email account.  This is why key signing parties 
were/are used, to confirm off-line the ownership of public keys in
face-to-face meetings, verify identities using formal documents and build a dependable 
Web-of-Trust.
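
The "session key being embedded in the message itself" mentioned above corresponds to a Public-Key Encrypted Session Key packet placed in front of the encrypted body. The following is an added example, not code from anyone in this thread: it walks OpenPGP packet headers as framed in RFC 4880 and reports the recipient key ID of a version 3 session-key packet. The key ID and the filler bytes in `SAMPLE` are constructed for illustration.

```python
import struct

NAMES = {1: "Public-Key Encrypted Session Key", 18: "Encrypted Data (SEIPD)"}

def read_packets(data):
    """Yield (tag, body) for each OpenPGP packet in data (RFC 4880, section 4.2)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"no packet header at offset {i}")
        i += 1
        if hdr & 0x40:                          # new format: tag in bits 5-0
            tag, first = hdr & 0x3F, data[i]
            if first < 192:                     # one-octet length
                length, i = first, i + 1
            elif first < 224:                   # two-octet length
                length, i = ((first - 192) << 8) + data[i + 1] + 192, i + 2
            elif first == 255:                  # five-octet length
                length, i = struct.unpack(">I", data[i + 1:i + 5])[0], i + 5
            else:
                raise ValueError("partial body lengths are not handled here")
        else:                                   # old format: tag in bits 5-2
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate lengths are not handled here")
            n = 1 << ltype                      # 1, 2 or 4 length octets
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def describe(message):
    """Summarise each packet; for a v3 PKESK also report key ID and algorithm."""
    out = []
    for tag, body in read_packets(message):
        entry = {"tag": tag, "name": NAMES.get(tag, "other"), "length": len(body)}
        if tag == 1 and body[:1] == b"\x03":    # version, 8-octet key ID, algo, MPIs
            entry["key_id"] = body[1:9].hex().upper()
            entry["pk_algo"] = body[9]          # 1 = RSA
        out.append(entry)
    return out

# Constructed sample (filler bytes, not real ciphertext): PKESK, then encrypted body.
KEY_ID = bytes.fromhex("0123456789ABCDEF")     # made-up recipient key ID
pkesk = b"\x03" + KEY_ID + b"\x01" + struct.pack(">H", 2048) + b"\xAA" * 256
seipd = b"\x01" + b"\x55" * 100
SAMPLE = bytes([0xC1, 192, len(pkesk) - 192]) + pkesk + bytes([0xD2, len(seipd)]) + seipd

if __name__ == "__main__":
    for packet in describe(SAMPLE):
        print(packet)
```

A binary (non-armored) message can be passed to `describe()` the same way; the key ID in the first packet is visible without any private key, while the session key inside it is not.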
