1996-11-11 - RE: Apology to Dale Thorn

Header Data

From: “James A. Tunnicliffe” <Tunny@inference.com>
To: “‘Dale Thorn’” <dthorn@gte.net>
Message Hash: dc39fc71e2ec43fbea460d2ac0344bbb35c15b205525c297816dd427284ad182
Message ID: <c=US%a=%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>
Reply To: _N/A

UTC Datetime: 1996-11-11 19:45:52 UTC
Raw Date: Mon, 11 Nov 1996 11:45:52 -0800 (PST)

Raw message

From: "James A. Tunnicliffe" <Tunny@inference.com>
Date: Mon, 11 Nov 1996 11:45:52 -0800 (PST)
To: "'Dale Thorn'" <dthorn@gte.net>
Subject: RE: Apology to Dale Thorn
Message-ID: <c=US%a=_%p=Inference%l=LANDRU-961111194442Z-2433@landru.novato.inference2.com>
MIME-Version: 1.0
Content-Type: text/plain


Dale Thorn writes (in part):

>I'm tending to think that, instead of using PGP for all encoding (even
>though it may have multiple facilities for all situations), a message
>could be encrypted with a good trusted private-key system or whatever,
>then the private key encrypted with the Public Key software and sent
>either separately or with the message.

But you've described exactly what PGP does.  It encrypts the message
with a "good, trusted private-key system" -- IDEA, which has undergone
significant peer review, has a long-enough key (128 bits), and has
exhibited no significant weaknesses or shortcuts to brute force (which
is impossible, given the key length).  It then encrypts the IDEA session
key that was used with the recipient's public key, and bundles the the
IDEA-encrypted message and the RSA-encrypted session key (and
optionally, a signed hash of the message) for delivery to the recipient.

Tunny
======================================================================
 James A. Tunnicliffe   | WWWeb: http://www.inference.com/~tunny
 Inference Corporation  | PGP Fingerprint:   CA 23 E2 F3 AC 2D 0C 77
 tunny@Inference.com    |                    36 07 D9 33 3D 32 53 9C
======================================================================






Thread