Re: Better S2K functions for OpenPGP?

"Robert J. Hansen" <rjh@sixdemonbag.org> Sun, 13 December 2009 15:11 UTC

Message-ID: <4B2503F2.20704@sixdemonbag.org>
Date: Sun, 13 Dec 2009 10:10:42 -0500
From: "Robert J. Hansen" <rjh@sixdemonbag.org>
To: Ian G <iang@systemics.com>
CC: IETF OpenPGP Working Group <ietf-openpgp@imc.org>, Daniel Franke <df@dfranke.us>
Subject: Re: Better S2K functions for OpenPGP?
References: <20091209151735.2444a67b@feanor.vpn.dfranke.us> <4B245AF1.5000408@systemics.com> <20091213003013.00003950@fingolfin.vpn.dfranke.us> <4B24F694.8040809@systemics.com>
In-Reply-To: <4B24F694.8040809@systemics.com>

On 12/13/2009 09:13 AM, Ian G wrote:
> Security is a risk-based business, not an absolute science.

I agree with this entire message.  My comments here are just my own
postscript.

So far there's been talk about the marginal rewards from changing, but
not much talk about the risks.  If implementors abandon their mature,
stable s2k code in favor of a new s2k algorithm, the implementors will
very likely be increasing the bug count in their s2k code.  We hope
these bugs would get found quickly; however, there are no guarantees.
Those are two bottom-line truths we cannot get away from.

That doesn't mean components shouldn't be changed.  It just means
components shouldn't be changed lightly.  There needs to be an
engineering justification for changing the s2k algorithm, not just
"because it would be cool."