Fixing the MDC language

Jon Callas <jon@callas.org> Fri, 20 September 2002 06:39 UTC

Date: Thu, 19 Sep 2002 23:30:09 -0700
Subject: Fixing the MDC language
From: Jon Callas <jon@callas.org>
To: OpenPGP <ietf-openpgp@imc.org>

Here's a proposed fix to the oops that Hal found:

-----

The plaintext of the data to be encrypted is passed through the SHA-1 hash
function, and the result of the hash is appended to the plaintext in a
Modification Detection Code packet.  The input to the hash function includes
the prefix data described above which acts as a weakly keyed hash; it
includes all of the plaintext, and then also includes two octets of values
0xD0, 0x14.  These represent the encoding of a Modification Detection Code
packet tag and length field of 20 octets.

The resulting hash value is stored in a Modification Detection Code packet
which MUST use the two octet encoding just given to represent its tag and
length field.  The body of the MDC packet is the 20 octet output of the
SHA-1 hash.

The Modification Detection Code packet is appended to the plaintext and
encrypted along with the plaintext using the same CFB context.

During decryption, the plaintext data should be hashed with SHA-1, including
the prefix data as well as the packet tag and length field of the
Modification Detection Code packet.  The body of the MDC packet, upon
decryption, is compared with the result of the SHA-1 hash.  Any difference
in hash values is an indication that the message has been modified and
SHOULD be reported to the user. Likewise, the absence of an MDC packet, or
an MDC packet in any position other than the end of the plaintext, also
represent message modifications and SHOULD also be reported.

-----

I can quickly (like in 30 minutes) pop off another draft if this is
acceptable. Comments ASAP.

    Jon
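
The hash-and-check procedure in the proposed text above, as an added Python example (not part of the original message and not code from any OpenPGP implementation). It works on already-decrypted octets; the function names, the 10-octet sample prefix and the sample message are constructed for illustration. The default header octets are the ones quoted in the message; RFC 4880 as published gives 0xD3, 0x14.

```python
import hashlib
import hmac

# Header octets exactly as quoted in the proposed text above. RFC 4880 as
# published gives 0xD3, 0x14 (new-format tag 19); pass header= to use those.
DRAFT_HEADER = bytes([0xD0, 0x14])
SHA1_LEN = 20


def append_mdc(prefix: bytes, plaintext: bytes, header: bytes = DRAFT_HEADER) -> bytes:
    """Return plaintext || MDC packet; the caller encrypts it after the prefix."""
    digest = hashlib.sha1(prefix + plaintext + header).digest()
    return plaintext + header + digest


def check_mdc(prefix: bytes, decrypted: bytes, header: bytes = DRAFT_HEADER):
    """Check decrypted octets that followed the prefix.

    Returns (status, plaintext); status is "ok", "missing" (no MDC packet
    with the fixed encoding at the very end) or "modified" (hash mismatch).
    Plaintext is only released when status is "ok".
    """
    trailer_len = len(header) + SHA1_LEN
    if len(decrypted) < trailer_len:
        return "missing", None
    body, trailer = decrypted[:-trailer_len], decrypted[-trailer_len:]
    # The MDC packet must be the final 22 octets and use the two-octet header.
    if trailer[:len(header)] != header:
        return "missing", None
    # Hash covers prefix, all plaintext, and the MDC tag and length octets.
    expected = hashlib.sha1(prefix + body + header).digest()
    if not hmac.compare_digest(expected, trailer[len(header):]):
        return "modified", None
    return "ok", body


def demo():
    """Run the check over constructed good and tampered inputs."""
    prefix = bytes(range(8)) + bytes([6, 7])   # constructed sample prefix
    msg = b"constructed literal data packet"   # constructed sample plaintext
    good = append_mdc(prefix, msg)
    flipped = bytes([good[0] ^ 1]) + good[1:]  # one bit changed in plaintext
    stripped = good[:-22]                      # MDC packet removed
    misplaced = good + b"x"                    # MDC no longer at the end
    return [check_mdc(prefix, d)[0] for d in (good, flipped, stripped, misplaced)]
```

A stripped or misplaced MDC packet is reported as "missing" rather than "modified", but both are conditions the proposed text says SHOULD be reported to the user.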