IETF Logo Mail Archive

Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption

Jon Callas <jon@callas.org> Fri, 23 May 2014 14:41 UTC

Return-Path: <jon@callas.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3DBE61A0476 for <openpgp@ietfa.amsl.com>; Fri, 23 May 2014 07:41:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bMZl-JkfSjM2 for <openpgp@ietfa.amsl.com>; Fri, 23 May 2014 07:41:11 -0700 (PDT)
Received: from mail.merrymeet.com (merrymeet.com [173.164.244.100]) by ietfa.amsl.com (Postfix) with ESMTP id F32D81A0198 for <openpgp@ietf.org>; Fri, 23 May 2014 07:41:10 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.merrymeet.com (Postfix) with ESMTP id 33DDB54098FF; Fri, 23 May 2014 07:41:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at merrymeet.com
Received: from mail.merrymeet.com ([127.0.0.1]) by localhost (merrymeet.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CS9-rN0k6RUV; Fri, 23 May 2014 07:41:08 -0700 (PDT)
Received: from keys.merrymeet.com (keys.merrymeet.com [173.164.244.97]) by mail.merrymeet.com (Postfix) with ESMTPSA id 9BEF454098F2; Fri, 23 May 2014 07:41:06 -0700 (PDT)
Received: from [10.0.23.30] ([173.164.244.98]) by keys.merrymeet.com (PGP Universal service); Fri, 23 May 2014 07:41:08 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Fri, 23 May 2014 07:41:08 -0700
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.2\))
From: Jon Callas <jon@callas.org>
In-Reply-To: <20140523090334.GA25165@belenus.iks-jena.de>
Date: Fri, 23 May 2014 07:41:05 -0700
Message-Id: <4BEA8A87-85A1-4625-A067-FA60D1798BCF@callas.org>
References: <CAHVUoiQAFthafuGCjegJQr8WFC-myR2ecHDz7mRggeyBE5KUSQ@mail.gmail.com> <5E5B20C2-7647-4437-A489-7321CC8079C6@callas.org> <20140523090334.GA25165@belenus.iks-jena.de>
To: Lutz Donnerhacke <lutz@donnerhacke.de>
X-Mailer: Apple Mail (2.1878.2)
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/-pfAGV6Lvp_MbUEfaBkpWMiHYQI
Cc: Brian Gitonga Marete <marete@toshnix.com>, openpgp@ietf.org, Jon Callas <jon@callas.org>
Subject: Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 May 2014 14:41:12 -0000

> Yep. One aspect was already mentioned "NUL" characters. The obvious counter
> measurement was also mentionen "base64". But this reduces the possible input
> variation. It might be possible to mount an attack on it.

If you can, the hash function is broken. Assuming of course that you're taking then entire expanded string. Any textification of a string is just a sloppy coding, and if the hash function has odd properties, then it's very, very broken.

> 
> The general rule is: If you fear, that the default algorithm is not safe,
> change it! You can't incease security by chaining algorithms.

Yes! I couldn't agree more. 

	Jon

v2.23.0 | Report a Bug | By Email