Re: V3 secret keys

nagydani@epointsystem.org (Daniel A. Nagy) Thu, 02 February 2006 20:53 UTC

Date: Thu, 02 Feb 2006 21:43:04 +0100
To: Wim Lewis <wiml@hhhh.org>
Cc: OpenPGP <ietf-openpgp@imc.org>, Adam Back <adam@cypherspace.org>, Ben Laurie <ben@algroup.co.uk>
Subject: Re: V3 secret keys
Message-ID: <20060202204304.GA8476@epointsystem.org>
References: <43E20DB6.30209@algroup.co.uk> <20060202140612.GA13906@epointsystem.org> <43E23D08.10806@algroup.co.uk> <20060202184601.GA20613@bitchcake.off.net> <Pine.NEB.4.62.0602021105420.13506@photomat.hhhh.org>
In-Reply-To: <Pine.NEB.4.62.0602021105420.13506@photomat.hhhh.org>
From: nagydani@epointsystem.org

On Thu, Feb 02, 2006 at 11:57:50AM -0800, Wim Lewis wrote:

> As I understand it (it's been a while...), normal CFB has no concept of 
> partial block encryption except at the end of the stream.

Yes it does. The whole point of CFB is that it can encrypt arbitrary block
lengths up to the block size of the used block cipher. That is why it is
used in interactive applications.

> What I've written above is very much not the way that pgp2.6.2 thinks of 
> the operation, but I'm pretty sure it's equivalent.

Right, your description is equivalent, but different from the traditional
view of CFB. I implemented CFB resynchronization based on the description in
Bruce Schneier's "Applied Cryptography", without looking into any
implementations. The result was interoperable at first attempt.

> From the comment in 2.6.2:
> 
>  * Phil invented a unique way of doing CFB that's sensitive to semantic
>  * boundaries within the data being encrypted.
> [... detailed explanation snipped ... ]
>  *                                    This is equivalent to using a
>  * shorter feedback length (if you're familiar with the general CFB
>  * technique) briefly, and doesn't weaken the cipher any (using shorter
>  * CFB lengths makes it stronger, actually), it just makes it a bit unusual.

I somewhat disagree. Following semantics with block length may indeed be
PZ's innovation, but variable block length is one of the reasons why CFB was
invented in the first place.
 
-- 
Daniel
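The equivalence argued in this thread, as an added example (not code from the list, from PGP 2.6.2 or from any OpenPGP implementation): the "resync" step, written the way PGP views it (a full block, two repeated bytes, then shifting the feedback register to the last eight ciphertext bytes), produces byte-for-byte the same output as textbook CFB that simply uses a 2-byte segment for one step. The block cipher is a keyed-hash stand-in with 8-byte blocks (an assumption, since CFB only needs the forward direction), and the all-zero starting register, key and data are constructed for the demonstration.

```python
import hashlib

BLOCK = 8  # 64-bit blocks, like the ciphers PGP 2.x used (stand-in cipher below)

def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for a 64-bit block cipher: keyed hash truncated to BLOCK bytes.
    CFB only ever calls the forward direction, so any keyed PRF exercises the mode."""
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]

def cfb_segments(key: bytes, iv: bytes, segments, decrypt=False) -> bytes:
    """Textbook CFB with a per-segment feedback length: each segment of
    s <= BLOCK bytes is XORed with the first s bytes of E(register), then the
    register is shifted left by s and the s ciphertext bytes are appended.
    Ciphertext always feeds back, so the same loop decrypts."""
    reg, out = iv, bytearray()
    for seg in segments:
        assert 1 <= len(seg) <= BLOCK
        res = bytes(a ^ b for a, b in zip(seg, block_encrypt(key, reg)))
        out += res
        reg = (reg + (seg if decrypt else res))[-BLOCK:]
    return bytes(out)

def pgp_cfb_encrypt(key: bytes, prefix: bytes, data: bytes) -> bytes:
    """PGP's view of the same operation on a BLOCK-byte prefix: one full
    block, two bytes repeating the last two prefix bytes, then 'resync' the
    feedback register to the last BLOCK ciphertext bytes and carry on."""
    assert len(prefix) == BLOCK
    fr = bytes(BLOCK)                                  # all-zero starting register
    c = bytes(p ^ k for p, k in zip(prefix, block_encrypt(key, fr)))
    fre = block_encrypt(key, c)
    c += bytes([fre[0] ^ prefix[-2], fre[1] ^ prefix[-1]])
    fr = c[2:]                                         # the resync step
    for i in range(0, len(data), BLOCK):
        blk = data[i:i + BLOCK]                        # final block may be short
        cb = bytes(p ^ k for p, k in zip(blk, block_encrypt(key, fr)))
        c += cb
        fr = (fr + cb)[-BLOCK:]
    return c

def as_variable_length_cfb(key: bytes, prefix: bytes, data: bytes) -> bytes:
    """The resync restated as plain CFB with segment lengths
    [BLOCK, 2, BLOCK, BLOCK, ...]: a shorter feedback length used briefly."""
    plain = prefix + prefix[-2:] + data
    segs = [plain[:BLOCK], plain[BLOCK:BLOCK + 2]]
    segs += [plain[i:i + BLOCK] for i in range(BLOCK + 2, len(plain), BLOCK)]
    return cfb_segments(key, bytes(BLOCK), segs)
```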