From: norm@netcom.com (Norman Hardy)
Date: Thu, 26 Aug 93 19:22:37 PDT
To: cypherpunks@toad.com
Subject: Re: Commercial PGP: Verifying Trustworthiness
Message-ID: <9308270218.AA19958@netcom3.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


cdodhner@indirect.com (Christian D. Odhner) says:
> I could very well be wrong about this one, but since pgp uses a random
> idea session key each time you encrypt, wouldn't that in fact ensure that
> no two encryptions of the same file with the same public key are ever the
> same? Why then would random stuff be needed? 
 
I knew that! I forgot that! Thanks for reminding me. Back to the drawing board!
A protocol where the user controlled the session key would be more awkward
but would solve that problem. On the otherhand that isn't the PGP protocol.