Jon Callas wrote:
On 12 Mar 2005, at 3:24 AM, Ingo Luetkebohle wrote:
Even better would be to have individually encrypted parts. This is
possible with PGP/MIME but not current practice. Trouble being, of
course, that the sender would have to know this is in advance.
Better for whom?
One of the reasons that practice is to not have individually encrypted
parts is that that has not been considered as good, meaning not as
secure. It isn't as convenient for an entity who doesn't have the keys
to process such a message, and that's been considered a feature rather
than a bug.
I'm struggling to understand this - how does this make it any easier for
an attacker? (Other than log_2(n), where n is the number of parts, for
the brute force attack).
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff