[Discuss] KeePassX
Richard Pieri
richard.pieri at gmail.com
Tue Aug 13 17:40:28 EDT 2013
John Abreau wrote:
> Nope, sorry, each individual message has its own unique session key.
> Cracking the session key on one particular message tells you nothing
> about the session key on subsequent messages.
If I decrypt the message by breaking the session key then yes, I can
only decrypt that one message.
But, if I can do this then I know what the session key is. This means
that I have a 100% known plain-text correspondence with the encrypted
session key. This may make it easier to attack a given RSA or DSA key pair.
Attacking the RSA or DSA asymmetric keys directly is believed to be more
difficult than attacking the session key. Given that the NSA has
approved both for commercial use, just as they have approved AES for
commercial use, I assume that they are aware of exploitable weaknesses
in both.
--
Rich P.
More information about the Discuss
mailing list