On Sun, 10 Jan 2010 14:02 +0100, "Werner Koch" <w...@gnupg.org> wrote:
> On Sun, 10 Jan 2010 04:44:35 -0500, ved...@hush.com wrote:
>
> > symmetrical encryption is a simple way to avoid signing, while
> > still maintaining relative reliability of knowledge as to who sent
> > the message
>
> That is not true. For example you can't detect a replay or MitM
> attack.

Forgive me, but how is a MitM attack possible against a symmetric cypher using a shared, secret key? A MitM attack is really an attack on key exchange, as it requires the MitM to intercept at least one public key, and substitute another (one of his own) for it. Using symmetric crypto, however, the key must be prearranged, or exchanged by some other trusted means. Assuming only the sender and receiver of the message know the secret key, I fail to see what a MitM can accomplish. Of course, if we just broadcast the secret key on the Internet, or something, then it's not much good--but anyone using symmetric crypto should know better.
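
The replay case raised in the quoted reply, as an added example that is not part of the original thread: a message authenticated under a shared secret key verifies every time it is delivered, so the receiver needs a freshness check of its own. HMAC-SHA256 stands in for the symmetric layer (an assumption; this is not GnuPG's message format), and the key, counter scheme and message are constructed.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes
HDR_LEN = 8   # 64-bit big-endian message counter (hypothetical framing)

def seal(key: bytes, counter: int, body: bytes) -> bytes:
    """Sender: prefix a message counter and append a MAC over counter + body."""
    header = struct.pack(">Q", counter)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag

def open_naive(key: bytes, packet: bytes) -> bytes:
    """Receiver that only checks the packet was produced with the shared key."""
    if len(packet) < HDR_LEN + TAG_LEN:
        raise ValueError("truncated packet")
    signed, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected = hmac.new(key, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad MAC")
    return signed[HDR_LEN:]

class Receiver:
    """Receiver that additionally requires a strictly increasing counter."""
    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def open(self, packet: bytes) -> bytes:
        body = open_naive(self.key, packet)  # authenticity first
        counter = struct.unpack(">Q", packet[:HDR_LEN])[0]
        if counter <= self.last_counter:
            raise ValueError("replayed or stale message")
        self.last_counter = counter
        return body

def demo():
    key = bytes(range(32))                        # constructed shared secret
    captured = seal(key, 1, b"pay 100 to Bob")    # constructed message
    # The same bytes delivered twice pass the key check both times.
    naive = [open_naive(key, captured), open_naive(key, captured)]
    rx = Receiver(key)
    first = rx.open(captured)
    try:
        rx.open(captured)
        replay_rejected = False
    except ValueError:
        replay_rejected = True
    return naive, first, replay_rejected
```
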