Flaws of PGP or GPG + Root of Trust

0.0(0)
Studied by 0 people
call kaiCall Kai
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/8

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 2:19 PM on 4/20/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai

No analytics yet

Send a link to your students to track their progress

9 Terms

1
New cards

All systems based on cryptography work by relying on a root of trust,

something that a protocol can build security on top of.

2
New cards

A root of trust can be a secret or a public value

that we start the protocol with or an out-of-band channel that we can use to obtain them

3
New cards

A surprising flaw of PGP comes from the fact that the signing and encryption operations are composed without care.

because of this naive composition of cryptographic algorithms, one can re-encrypt a signed email they received and send that to another recipient

4
New cards

PGP uses

old cryptographic algorithms.

5
New cards

PGP does not have authenticated encryption

and is, thus, not secure if used without signatures

6
New cards

Due to bad PGP design, receiving a signed message

doesn’t necessarily mean we were the intended recipient.

7
New cards

There is no forward secrecy by default

in PGP

8
New cards
9
New cards