Re: [openpgp] OpenPGP SEIP downgrade attack
Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 08 October 2015 14:59 UTC
From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Werner Koch <wk@gnupg.org>
Date: Thu, 08 Oct 2015 14:59:15 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/CFq05d28gRIfAYkv-eko7gKcPZc>
Cc: "cfrg@mail.ietf.org" <cfrg@mail.ietf.org>, Jonas Magazinius <jonas.magazinius@assured.se>, "cryptography@metzdowd.com" <cryptography@metzdowd.com>, "openpgp@ietf.org" <openpgp@ietf.org>

Werner Koch <wk@gnupg.org> writes:

>When taking up this trouble, why go for a slow method whilst faster methods
>are available.

AES-GCM is only fast on CPUs with dedicated hardware support for it (PCLMULQDQ on x86), it's actually quite slow in pure software (on x86 the slowdown is about an order of magnitude). The figures are really all over the place depending on what system it's running on, so it's a bit hard to generalise any statement about it.

(It's also not clear whether someone encrypting a 10k email message with PGP is going to notice it being processed at 100MB/s or 150MB/s).

>OCB works with all 128 bit block length ciphers and is faster than GCM.

It's also a lot more patented than GCM.

(I actually really like OCB and don't like GCM much, but the patent situation makes it pretty problematic).

Peter.