Re: [openpgp] 4880bis: Update S2K
Werner Koch <wk@gnupg.org> Thu, 30 April 2015 08:06 UTC
Return-Path: <wk@gnupg.org>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3D5C1ACEF8 for <openpgp@ietfa.amsl.com>; Thu, 30 Apr 2015 01:06:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ht7bl4tCjadX for <openpgp@ietfa.amsl.com>; Thu, 30 Apr 2015 01:06:51 -0700 (PDT)
Received: from kerckhoffs.g10code.com (kerckhoffs.g10code.com [217.69.77.222]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D9A751ACEFA for <openpgp@ietf.org>; Thu, 30 Apr 2015 01:06:45 -0700 (PDT)
Received: from uucp by kerckhoffs.g10code.com with local-rmail (Exim 4.80 #2 (Debian)) id 1YnjUa-0006Vx-2j for <openpgp@ietf.org>; Thu, 30 Apr 2015 10:06:44 +0200
Received: from wk by vigenere.g10code.de with local (Exim 4.84 #3 (Debian)) id 1YnjPL-0000FO-Qb; Thu, 30 Apr 2015 10:01:19 +0200
From: Werner Koch <wk@gnupg.org>
To: David Leon Gil <coruus@gmail.com>
References: <5527B621.3040104@cs.tcd.ie> <877ftkqhr4.fsf@vigenere.g10code.de> <alpine.GSO.1.10.1504101556210.22210@multics.mit.edu> <CAA7UWsVTF4tgvaE+S4++JDHy7eHu6Kbus7RTX793pvDLHowm1g@mail.gmail.com> <87egnbs4fp.fsf@vigenere.g10code.de> <5538A5A9.2020703@polimi.it> <CAOyHO0zutrEZBp0UgA1+10kEvvDw2QWcM3gEkn-FrignoP_nvA@mail.gmail.com> <CAOyHO0wvYVciTVbb0HF+qvE7d3ar=Z2+TcsHcsKErb9gmZ=g6w@mail.gmail.com> <2F8871E0-3DF9-4EF3-A136-5F104BF7307F@callas.org> <9A043F3CF02CD34C8E74AC1594475C73AB0075D3@uxcn10-tdc05.UoA.auckland.ac.nz> <6EAE2413-E6BD-41EB-9A0D-9A56EB18B07B@callas.org> <87mw1sbusl.fsf@vigenere.g10code.de> <553FC996.3010500@googlemail.com> <87618g83v4.fsf@vigenere.g10code.de> <553FF387.9000501@googlemail.com> <CAA7UWsXHkzpPmB5ZKewt3_VwyWtumsG0FF1AtBh_4O1zM90GHA@mail.gmail.com> <87wq0v794r.fsf@vigenere.g10code.de> <sjmbni72fj7.fsf@securerf.ihtfp.org> <CAA7UWsWgeV654fhqeuuJ8+RADfVj1AcprdYqqntdWd5B1j94YQ@mail.gmail.com>
Organisation: g10 Code GmbH
X-message-flag: Mails containing HTML will not be read! Please send only plain text.
OpenPGP: id=F2AD85AC1E42B367; url=finger:wk@g10code.com
Mail-Followup-To: David Leon Gil <coruus@gmail.com>, Derek Atkins <derek@ihtfp.com>, Nils Durner <ndurner@googlemail.com>, "alessandro.barenghi\@polimi.it" <alessandro.barenghi@polimi.it>, "openpgp\@ietf.org" <openpgp@ietf.org>, Jon Callas <jon@callas.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>
Date: Thu, 30 Apr 2015 10:01:19 +0200
In-Reply-To: <CAA7UWsWgeV654fhqeuuJ8+RADfVj1AcprdYqqntdWd5B1j94YQ@mail.gmail.com> (David Leon Gil's message of "Wed, 29 Apr 2015 14:18:19 +0000")
Message-ID: <878uda59kg.fsf@vigenere.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/oLz_mOlyVvFLXmBhQWcx0nosjsM>
Cc: Nils Durner <ndurner@googlemail.com>, "alessandro.barenghi@polimi.it" <alessandro.barenghi@polimi.it>, "openpgp@ietf.org" <openpgp@ietf.org>, Jon Callas <jon@callas.org>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Derek Atkins <derek@ihtfp.com>
Subject: Re: [openpgp] 4880bis: Update S2K
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2015 08:06:53 -0000
On Wed, 29 Apr 2015 16:18, coruus@gmail.com said: > I think that both I and Tom Ritter have previously linked to Adam Langley's > post on this: Doing this right requires 'packetizing' data and computing IIRC, that is about "cat foo | decrypt | tar xf -" There are lot of reasons why storing data on a system may fail. It does not help if you are early notified about tampered data instead of checking that after having processed all data. For example an attacker might tamper with the last blocks of the data and your intermittent checks won't help at all. Using Unix tools requires workmanship. Unix is a set of tools which are very powerful if used right. For example for using above quoted pipeline you need to make sure several things: For example, is your tar safe and does not follow ".." file name parts. Of course you unpack into a freshly created subdirectory to avoid cluttering the current directory. You need to check that all tools finished with success, have all kind of extra checks applied to verify signatures during "decrypt", and only then to the mv dance to replace old data by the freshly untared one. Remember: Unix is a user-friendly; it is just picky with whom it chooses to be friends. I would also like to a have a random access encrypted data format option but I doubt that this should be the goal of OpenPGP. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
- [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] details of 4880bis work Werner Koch
- [openpgp] details of 4880bis work Stephen Farrell
- Re: [openpgp] details of 4880bis work ianG
- Re: [openpgp] 4880bis: Update S2K Benjamin Kaduk
- Re: [openpgp] details of 4880bis work Christoph Anton Mitterer
- Re: [openpgp] details of 4880bis work Nils Durner
- Re: [openpgp] details of 4880bis work Tom Ritter
- Re: [openpgp] details of 4880bis work Stephen Farrell
- Re: [openpgp] details of 4880bis work Benjamin Kaduk
- Re: [openpgp] details of 4880bis work ianG
- Re: [openpgp] details of 4880bis work Stephen Paul Weber
- Re: [openpgp] 4880bis: Compression (was: details … Werner Koch
- Re: [openpgp] 4880bis: Compression (was: details … Wyllys Ingersoll
- Re: [openpgp] 4880bis: Compression (was: details … Phillip Hallam-Baker
- Re: [openpgp] details of 4880bis work Jon Callas
- Re: [openpgp] 4880bis: Compression (was: details … Jon Callas
- Re: [openpgp] 4880bis: Compression (was: details … Jon Callas
- Re: [openpgp] 4880bis: Compression (was: details … Bill Frantz
- Re: [openpgp] details of 4880bis work Jon Callas
- Re: [openpgp] 4880bis: Compression (was: details … Christoph Anton Mitterer
- Re: [openpgp] details of 4880bis work Christoph Anton Mitterer
- Re: [openpgp] details of 4880bis work Peter Gutmann
- Re: [openpgp] 4880bis: Compression (was: details … Daniel Kahn Gillmor
- Re: [openpgp] details of 4880bis work Vincent Breitmoser
- Re: [openpgp] 4880bis: Compression Werner Koch
- Re: [openpgp] details of 4880bis work Peter Gutmann
- Re: [openpgp] details of 4880bis work Vincent Breitmoser
- Re: [openpgp] details of 4880bis work Stephen Farrell
- Re: [openpgp] details of 4880bis work Werner Koch
- Re: [openpgp] details of 4880bis work Phillip Hallam-Baker
- Re: [openpgp] details of 4880bis work Christoph Anton Mitterer
- Re: [openpgp] details of 4880bis work Christoph Anton Mitterer
- Re: [openpgp] details of 4880bis work Christoph Anton Mitterer
- [openpgp] Opening up the debate on PKI / WoT / fu… ianG
- Re: [openpgp] details of 4880bis work Vincent Breitmoser
- Re: [openpgp] details of 4880bis work Derek Atkins
- Re: [openpgp] Opening up the debate on PKI / WoT … Stephen Farrell
- Re: [openpgp] details of 4880bis work Derek Atkins
- Re: [openpgp] details of 4880bis work Derek Atkins
- Re: [openpgp] Opening up the debate on PKI / WoT … Derek Atkins
- Re: [openpgp] details of 4880bis work Vincent Breitmoser
- Re: [openpgp] details of 4880bis work Werner Koch
- Re: [openpgp] Opening up the debate on PKI / WoT … ianG
- Re: [openpgp] Opening up the debate on PKI / WoT … ianG
- Re: [openpgp] Opening up the debate on PKI / WoT … Phillip Hallam-Baker
- Re: [openpgp] Opening up the debate on PKI / WoT … Derek Atkins
- Re: [openpgp] details of 4880bis work Ben McGinnes
- Re: [openpgp] Opening up the debate on PKI / WoT … Ben McGinnes
- Re: [openpgp] details of 4880bis work Ben McGinnes
- Re: [openpgp] details of 4880bis work Ben McGinnes
- Re: [openpgp] Opening up the debate on PKI / WoT … Phillip Hallam-Baker
- Re: [openpgp] details of 4880bis work Werner Koch
- [openpgp] rfc3880bis - hard expiration time (was:… Werner Koch
- Re: [openpgp] details of 4880bis work Ben McGinnes
- Re: [openpgp] details of 4880bis work Christoph Anton Mitterer
- Re: [openpgp] details of 4880bis work Werner Koch
- Re: [openpgp] rfc3880bis - hard expiration time (… Jon Callas
- Re: [openpgp] details of 4880bis work Ben McGinnes
- Re: [openpgp] rfc3880bis - hard expiration time Werner Koch
- Re: [openpgp] rfc3880bis - hard expiration time (… Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] 4880bis: Update S2K Alessandro Barenghi
- Re: [openpgp] 4880bis: Update S2K Alessandro Barenghi
- Re: [openpgp] 4880bis: Update S2K Nils Durner
- Re: [openpgp] 4880bis: Update S2K Nils Durner
- Re: [openpgp] 4880bis: Update S2K Alessandro Barenghi
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K Earle Lowe
- Re: [openpgp] 4880bis: Update S2K Alessandro Barenghi
- Re: [openpgp] 4880bis: Update S2K Earle Lowe
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] 4880bis: Update S2K Alessandro Barenghi
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] 4880bis: Update S2K Andrey Jivsov
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] Opening up the debate on PKI / WoT … Jon Callas
- Re: [openpgp] Opening up the debate on PKI / WoT … Jon Callas
- [openpgp] Key Usage, Designated Revocation Jon Callas
- Re: [openpgp] details of 4880bis work Jon Callas
- Re: [openpgp] Opening up the debate on PKI / WoT … Phillip Hallam-Baker
- Re: [openpgp] rfc3880bis - hard expiration time (… Jon Callas
- Re: [openpgp] 4880bis: Update S2K Jon Callas
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time (… Christoph Anton Mitterer
- Re: [openpgp] Opening up the debate on PKI / WoT … Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K Andrey Jivsov
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] 4880bis: Update S2K Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K Peter Gutmann
- Re: [openpgp] 4880bis: Update S2K Peter Gutmann
- Re: [openpgp] rfc3880bis - hard expiration time (… Nicholas Cole
- Re: [openpgp] rfc3880bis - hard expiration time Dominik Schuermann
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Dominik Schuermann
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Dominik Schuermann
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K David Gil
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Werner Koch
- Re: [openpgp] 4880bis: Update S2K Andrey Jivsov
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] 4880bis: Update S2K Jon Callas
- Re: [openpgp] rfc3880bis - hard expiration time Nicholas Cole
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Jon Callas
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] Key Usage, Designated Revocation ianG
- Re: [openpgp] Opening up the debate on PKI / WoT … ianG
- Re: [openpgp] Opening up the debate on PKI / WoT … Phillip Hallam-Baker
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] 4880bis: Update S2K Nils Durner
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] 4880bis: Update S2K Nils Durner
- Re: [openpgp] 4880bis: Update S2K David Gil
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] 4880bis: Update S2K Derek Atkins
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] 4880bis: Update S2K David Leon Gil
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Nicholas Cole
- Re: [openpgp] 4880bis: Update S2K Nils Durner
- Re: [openpgp] 4880bis: Update S2K Nils Durner
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] 4880bis: Update S2K Werner Koch
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Nicholas Cole
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Derek Atkins
- Re: [openpgp] rfc3880bis - hard expiration time Phillip Hallam-Baker
- Re: [openpgp] rfc3880bis - hard expiration time Christoph Anton Mitterer
- Re: [openpgp] rfc3880bis - hard expiration time Werner Koch