Quote from: nomodeset on July 21, 2012, 04:10 pmQuote from: LouisCyphre on July 21, 2012, 02:39 pmNot "often" *always*.I've described what happens when encrypting a message with an OpenPGP public key elsewhere in this thread.Ok, thanks for useful information.By the way, why is the length of all of the three messages the same: 807 charactersWill it change when anyone just adds one more character?That appears to be a function of the symmetric cipher used and yes, in my tests of encrypting symmetrically adding one more character of white space changed the size of the output file.Quote from: nomodeset on July 21, 2012, 04:10 pmAnd wouldn't it be possible to make the attack based on the length of the message when one encrypted the plain address and compared the number of characters of the encrypted and stored messages?It depends on whether the size of the ciphertext relates to the size of the plaintext. This may be difficult to judge since OpenPGP compresses the plaintext prior to encryption and larger messages utilise compression more effectively.Adding one character of whitespace added 4 bytes to the ciphertext, adding the letter "A" did the same thing, but adding the trademark symbol added 8 bytes to the ciphertext. So even if the ciphertext size directly relates to the size of the plaintext, there's still no way to know if the original plaintext contains specific information. In the case of an address, there are plenty of addresses which would be the same size when entered into a file, all it takes is the same number of digits in a street number and the same number of letters in a street name and already you have a large number of addresses in your own suburb which would have the same size of a plaintext file.If you are concerned that law enforcement might try to use an argument along these lines to "prove" that an encrypted file contains your address, then get a cryptanalyst as your expert witness.Most OpenPGP messages are encrypted using AES as the symmetric cipher and AES is not vulnerable to the known-plaintext attack[1] you describe. It was very effective against Enigma,[2] but not against modern ciphers.Quote from: nomodeset on July 21, 2012, 04:10 pmQuote from: LouisCyphre on July 21, 2012, 02:39 pmAt the very least you should read the Wikipedia article on PGP to get an overview of what happens.I would prefer this one:http://cacr.uwaterloo.ca/hac/If you're reading that or Bruce Schneier's Applied Cryptography then I'm surprised you're not already familiar with Diffie-Hellman key exchange and how OpenPGP actually works.1) https://en.wikipedia.org/wiki/Known-plaintext_attack2) https://en.wikipedia.org/wiki/Enigma_machine