Question
When using (Thunderbird and) GnuPG to send a PGP/MIME message to two separate recipients, with the text body different in both messages, but the same file attached to both of them, does this give an outside attacker that observes the traffic any additional advantage without knowledge of the plain text?
I realize that this allows an attacker to guess I sent the same file (emails beyond a certain size can be guessed to contain attached files anyway). But what I am interested in is whether this gives an attacker a tangible advantage of any kind that could allow them to retrieve the plain text.
Keys used are RSA, recipient key is 2k, mine is 4k.
Explanation / Answer
In general, when addressing encryption, as long as two different session keys are used, and something other than block cipher mode ECB is used, very rarely will patterns be seen in the encryption.
GPG supports compression, which would remove most patterns in the data first. It then uses one-time, randomly generated session keys to symmetrically encrypt the message with CAST5 (by default; it also supports most other standard symmetric cipher algorithms). This means that each message you encrypt will be encrypted with a different session key with a secure algorithm. I would feel safe in sending two emails with 2048-bit or 4096-bit public keys.
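The two conditions named in the answer (a fresh session key per message, and a mode other than ECB) can be checked on a small model. This is an added example, not part of the original answer and not GnuPG's code: a toy keystream built from truncated HMAC-SHA256 stands in for the real symmetric cipher, and all function names and the sample attachment are constructed for illustration.

```python
import hashlib
import hmac
import secrets

BLOCK = 16  # bytes per block

def _prf(key: bytes, data: bytes) -> bytes:
    """Toy keyed function (truncated HMAC-SHA256); stands in for a real cipher."""
    return hmac.new(key, data, hashlib.sha256).digest()[:BLOCK]

def encrypt_ctr(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode style: XOR data with a keystream unique to (key, nonce)."""
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        stream = _prf(key, nonce + (i // BLOCK).to_bytes(8, "big"))
        out += bytes(d ^ s for d, s in zip(data[i:i + BLOCK], stream))
    return bytes(out)

def encrypt_ecb_like(key: bytes, data: bytes) -> bytes:
    """ECB-style: each block mapped independently, so equal blocks stay equal.
    One-way here; it only illustrates the pattern leak."""
    return b"".join(_prf(key, data[i:i + BLOCK]) for i in range(0, len(data), BLOCK))

def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def matching_blocks(a: bytes, b: bytes) -> int:
    """Number of block positions where two ciphertexts are identical."""
    return sum(x == y for x, y in zip(blocks(a), blocks(b)))

def internal_repeats(ct: bytes) -> int:
    """Number of blocks that duplicate an earlier block in the same ciphertext."""
    b = blocks(ct)
    return len(b) - len(set(b))

def demo() -> dict:
    attachment = b"SAME-ATTACHMENT!" * 64  # constructed: 64 identical 16-byte blocks
    k1, k2 = secrets.token_bytes(32), secrets.token_bytes(32)  # one session key per message
    n1, n2 = secrets.token_bytes(8), secrets.token_bytes(8)
    ct1, ct2 = encrypt_ctr(k1, n1, attachment), encrypt_ctr(k2, n2, attachment)
    return {
        "cross_message_matches": matching_blocks(ct1, ct2),
        "ctr_internal_repeats": internal_repeats(ct1),
        "ecb_internal_repeats": internal_repeats(encrypt_ecb_like(k1, attachment)),
        "same_length": len(ct1) == len(ct2) == len(attachment),
        "round_trip": encrypt_ctr(k1, n1, ct1) == attachment,
    }

if __name__ == "__main__":
    print(demo())
```

The equal ciphertext lengths correspond to the size observation in the question; the block comparisons show that the shared attachment produces no matching ciphertext once each message has its own session key.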