From: norm@netcom.com (Norman Hardy)
Date: Thu, 26 Aug 93 19:15:51 PDT
To: cypherpunks@toad.com
Subject: Re: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308270215.AA19598@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Forwarding for cdodhner@indirect.com (Christian D. Odhner)
 
> 
> peter honeyman <honey@citi.umich.edu> says:
> > pgp and viacrypt will always generate differnt outputs: pgp
> > adds some pseudo-random stuff to the start of the file it is
> > encrypting to ensure that a file encrypts differently each time. 
> This means that I am trusting the "pseudo-random" stuff not to be
> some secrets that PGP has read from my disk. The only benefit
> that I see to the pseudo-random stuff is to send the same message
> to several people without revealing the fact that the messages are
> the same except to those that can decode the messages.
> 
I could very well be wrong about this one, but since pgp uses a random
idea session key each time you encrypt, wouldn't that in fact ensure that
no two encryptions of the same file with the same public key are ever the
same? Why then would random stuff be needed? 
 
Happy Hunting, -Chris
<cdodhner@indirect.com>
PGP public key available upon request.