PGP signatures

John Thompson PMMAIL Discussion List <PMMAIL-L@VM.EGE.EDU.TR>
Sun, 25 Apr 1999 18:17:17 -0500


On Sun, 25 Apr 1999 19:29:05 +0300, Cristian Secara wrote:

>>Perhaps all PGP users should stop signing their routine messages, but should
>>encrypt them instead. That would eliminate the extra consumption of bandwidth
>>and those unsightly PGP signatures at the bottoms of the messages.

>Letting aside the aberration, you seem to ignore that a (PGP) encrypted
>message is much longer than the same message, but not encrypted.

Actually, it will usually be shorter because as part of the encryption
process, PGP will compress the plaintext before encryption.

>Do a test: compose a single word message, then send it to yourself,
>encrypted. Then look at the (received) message with 'View Full Message'
>option.

A single word message is hardly a real-world example.  Instead take a
regular size message (e.g. ~1-2k) and try that.  The reason a single word
message will be larger is because the key is included with the message.
Keys are relatively incompressible (little redundancy, or they wouldn't be
good keys) but as the message size increases, the relative size of the key
to the plain text becomes less significant.  It doesn't take long before
the PGP compression routine (incidentally, the same algorithm as used in
gzip and PkZip) manages to create a ciphertext that is smaller than the
original.



John (john.thompson@ibm.net)
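
The size accounting described in the message above, as an added example that is not part of the original post or of PGP itself: it deflates a plaintext and adds a fixed per-message overhead for the encrypted session key, then finds the length at which the result drops below the plaintext size. The sample text, the `key_bits` and `framing` values and all function names are assumptions made for illustration, and sizes are binary bytes before any ASCII armor.

```python
import zlib

# Constructed sample message (not from the original thread).
SAMPLE = (
    "Hi all, I wanted to follow up on the question about sorting incoming "
    "mail into folders. The filter rules are checked from top to bottom, so "
    "the order matters when two rules could match the same message. I moved "
    "my mailing list rules above the general ones and the problem went away. "
    "If you still see messages landing in the wrong place, check whether the "
    "header you are matching on is actually present; some list servers "
    "rewrite the sender field and leave only the reply address intact. I "
    "have also noticed that very long subject lines get wrapped, which can "
    "break a rule that looks for text near the end of the subject. Setting "
    "the rule to search the complete header block fixed that for me. Let me "
    "know how it goes, and thanks again to everyone who answered earlier. "
    "I will post my final set of rules once I have tested them for a week."
).encode("ascii")

def deflate_size(data: bytes) -> int:
    """Length of the raw DEFLATE stream (wbits=-15), the gzip/PKZIP algorithm."""
    comp = zlib.compressobj(9, zlib.DEFLATED, -15)
    return len(comp.compress(data) + comp.flush())

def estimated_size(plaintext: bytes, key_bits: int = 1024, framing: int = 32) -> int:
    """Compressed body plus a fixed overhead: one encrypted session key of
    key_bits plus `framing` bytes of packet headers (both assumed values)."""
    return deflate_size(plaintext) + key_bits // 8 + framing

def crossover(text: bytes, **overhead):
    """Smallest prefix length whose estimate is below the plaintext length,
    or None if the fixed overhead is never paid back within `text`."""
    for n in range(1, len(text) + 1):
        if estimated_size(text[:n], **overhead) < n:
            return n
    return None

if __name__ == "__main__":
    for label, msg in (("one word", b"hello"), ("full sample", SAMPLE)):
        print(f"{label}: plaintext {len(msg)} B, estimate {estimated_size(msg)} B")
    print("break-even at", crossover(SAMPLE), "bytes of this sample")
```

Raising `key_bits` moves the break-even point later, because the session-key overhead is incompressible and has to be recovered entirely from savings on the body.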