I use GnuPG to encrypt a file locally symmetric encryption An attempt to decrypt the encrypted version of the file with a wrong passphrase results - to my suprise - in the following error message
gpg: decryption failed: bad key instead of decrypting the file into a corrupted (due to the wrong passphrase) version of the original file. I am now wondering how GnuPG can judge that the entered passphrase to decrypt the file is -indeed- a bad key (as to say a wrong passphrase provided)? Actually I think of the result (though it didn't reveal the contained information) still as bad because the attacker can somehow be sure that tried passphrase is wrong. Background to my question is that if you'd use the encryption of GnuPG to encrypt some data that is less easy to be verified as beeing correctly decrypted (i. e because it is itself another key to unlock some other encryption) then the fact of not knowing that the decryption failed can facilitate the attacker the work because he can then keep on trying to crack the encryption without having to consider that the result he otherwise would have got is actually already the truth. Best regards, Alexander -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger?did=10 _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
