Re: [openpgp] Partial review of the crypto refresh
Daniel Huigens <d.huigens@protonmail.com> Thu, 24 November 2022 15:22 UTC
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>
From: Daniel Huigens <d.huigens@protonmail.com>
Cc: IETF OpenPGP WG <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/FZD9JfJD-23gevC-pPexalBVylk>
Hi Andrew,

> I’m not convinced this makes it any clearer. Maybe “the process is
> repeated a large number of times”?

But what process? This still sounds to me like multiple hashes are created, each one containing the salt and passphrase once, or something like that. But that's not what actually happens, there is only one hash that's created (well - unless the hash output is too short, but that's not what this paragraph is about) and the data is passed to that multiple times. So I think it's important to clarify that it's the hash input that's repeated, not the entire hashing process.

> IMO this should be kept in. Even if it is not currently true, it may
> become true again during the lifetime of this standard.

Sure, but.. this applies to any standard that makes use of encryption. Do other standards contain such warnings? And should we really warn about this, given that - if the warning is heeded - it sounds like the course of action would be to reduce security to comply with the "government control"? It doesn't really sound like a security consideration to me, in any case.

Best,
Daniel
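The distinction drawn in the message above, shown as an added example that is not part of the original post or of the draft: a sketch of the Iterated and Salted S2K as specified in RFC 4880, section 3.7.1.3, in which one hash context is fed the repeated salt-plus-passphrase stream. The function names, the SHA-256 default, and the sample salt and passphrase are assumptions made for illustration.

```python
import hashlib

def decode_count(c: int) -> int:
    """Expand the one-octet coded count into the number of octets to hash."""
    return (16 + (c & 15)) << ((c >> 4) + 6)

def iterated_salted_s2k(passphrase: bytes, salt: bytes, c: int,
                        key_len: int, hash_name: str = "sha256") -> bytes:
    """Derive key_len octets; function name and defaults are hypothetical."""
    if len(salt) != 8:
        raise ValueError("S2K salt is 8 octets")
    block = salt + passphrase
    # If the count is shorter than salt+passphrase, the whole block is
    # still hashed exactly once.
    count = max(decode_count(c), len(block))
    out = b""
    context = 0
    while len(out) < key_len:
        # Extra contexts exist only when the digest is shorter than the key;
        # context n is preloaded with n zero octets.
        h = hashlib.new(hash_name)
        h.update(b"\x00" * context)
        fed = 0
        while fed < count:
            # The INPUT is repeated into the same context; the final
            # repetition is truncated so exactly `count` octets are hashed.
            chunk = block[: count - fed]
            h.update(chunk)
            fed += len(chunk)
        out += h.digest()
        context += 1
    return out[:key_len]

def repeated_stream(passphrase: bytes, salt: bytes, c: int) -> bytes:
    """The exact octet string the single hash context consumes."""
    block = salt + passphrase
    count = max(decode_count(c), len(block))
    return (block * (count // len(block) + 1))[:count]

# Constructed sample values, not test vectors from any specification.
SALT = bytes.fromhex("0102030405060708")
PASSPHRASE = b"correct horse"

if __name__ == "__main__":
    key = iterated_salted_s2k(PASSPHRASE, SALT, 0x60, 32)
    one_shot = hashlib.sha256(repeated_stream(PASSPHRASE, SALT, 0x60)).digest()
    print(key.hex(), key == one_shot)
```

The derived key equals a single hash over the repeated stream, which is why the iteration adds cost per guess but is not a chain of separate hash invocations.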