Ralf Hauser said:
To my understanding,
If I send a message with attachments, the attachment filename is visible
without cryptanalysis.
Would it be hard to give the encrypted file a random name and only upon
decryption, give it back its real name?
http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
issue.
Isn't that kind of giving away information that could be easily protected
-
or did I miss something?
Rgds
Ralf
Ralf,
This is totally an implementation detail.
Many mail programs that integrate PGP or GnuPG already *do* obfuscate the
filename, calling it encrypted.dat.asc or data.asc or
somerandomstring.asc. If the asc file has an embedded filename, any
OpenPGP compatible client should be able to retrieve the file name upon
decryption.
There are times when knowing the filenmae may be more important than
obfuscating it for security reasons. The reverse is most certainly true
as well.
In my opinion, it should probably be left as an implementation detail for
each OpenPGP compatible mail client to decide on.
Regards,
- Brian