Boston Linux & Unix (BLU)

BLU Discuss list archive


[Discuss] KeePassX

John Abreau wrote:
> Nope, sorry, each individual message has its own unique session key.
> Cracking the session key on one particular message tells you nothing
> about the session key on subsequent messages.

If I decrypt the message by breaking the session key then yes, I can 
only decrypt that one message.

But, if I can do this then I know what the session key is. This means 
that I have a 100% known plain-text correspondence with the encrypted 
session key. This may make it easier to attack a given RSA or DSA key pair.

Attacking the RSA or DSA asymmetric keys directly is believed to be more 
difficult than attacking the session key. Given that the NSA has 
approved both for commercial use, just as they have approved AES for 
commercial use, I assume that they are aware of exploitable weaknesses 
in both.

Rich P.

BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
