On 24/8/25 at 19:11, Eli Schwartz wrote:
On 8/24/25 7:07 AM, Michael wrote:

It is so ridiculous that with your theory ANYONE could obtain any private
key just with a public key, because you can write plain text, encrypt it
with it and compare both. Please stop making that kind of affirmation.

All encryption methods and ciphers are secure, until ... they no longer are.


Your theory is only valid for a few old (really old) encryption
algorithms, and usually symmetric ones.

Sure, this stands today, but tomorrow new mathematical solutions could be
discovered, better computational technologies developed, larger data storage,
etc.  No doubt resistant algos and ciphers would be devised in turn to
counteract it thereafter, but what's broken is broken.

If I were a dissident under totalitarian rule and my family's life depended on
it, I would consciously choose to be needlessly paranoid rather than take a
chance.  Living in a free society and for communicating casually with friends,
I'd trust the math.  YMMV.


If I were a dissident under totalitarian rule and my family's life
depended on it, I would stake my and their life on the belief that new
attacks against cryptography use entirely new attack methodologies and
defending against the attacks originally used to break the Caesar Cipher
is a waste of time.

I'd focus rather more on ensuring that messages which I send use algorithms
known to be secure today, and avoid sending incriminating information
unless it has a "limited shelf life" -- i.e. if the government records
the message and in 20 years gets the ability to decrypt it, it cannot
cause harm anymore. As part of that, don't send more information than is
necessary. If you're leaving email quotes in your replies, that may
include something the other person shouldn't have said but let slip, and
keeping it in *every* message means many more chances for the
totalitarian government to record the message for 20 years in the future
when they break it. That is a **much** better reason to avoid quoting
existing emails than "known quoted content could be used to attack the
algorithm, I heard it was successfully used to attack the Caesar Cipher".

Related: forward secrecy protects against future compromise of the
secret key (but not compromise of the crypto algorithm itself).



If I lived in a totalitarian country I would use steganography, such as Rick Snel's scubed tool.

https://penta.onlineklassenboek.nl/~rsnel/scubed/

There are countries that could make you give them your passphrases. With this you could easily give one passphrase but not the others, and simply tell them that the remaining space of the DVD+R is simply free space.

GPG has to be seen as an envelope mail tool; it's hard enough to resist attacks really well, which is the reason why OpenPGP was in the focus of the USA government and its crypto export restrictions, but in time the RSA algorithm used to encrypt recent mails would be broken by key length or something else.

It's stupid to use GPG for, for example, illegal things, since the receiver could have proof of your crime, and with no repudiation because of the signature it gets proven enough that you are the criminal.

GPG is for hiding the mail content from gossiping admins, such as mail admins who like to read others' mail with a morbid attitude while eating popcorn and drinking a coke, as could be watching your holiday photographs with your girlfriend.

RSA keys of 4096 bits length today will be vulnerable maybe in 20 years from now; then all mails sent now could be decrypted by one gossiping mail admin that had a copy. In 20 years we would have to revoke our recent key and use one of 8192 or 16386 bits length.
