Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption

Lutz Donnerhacke <lutz@donnerhacke.de> Fri, 23 May 2014 09:03 UTC

Archived-At: http://mailarchive.ietf.org/arch/msg/openpgp/qVxfir8vQ1LTd-6wKAXaVvfrF7c

On Thu, May 22, 2014 at 04:41:37PM -0700, Jon Callas wrote:
> Most things that are intuitively better but unmeasurable turn out to
> be far less good than your intuition says. Depressingly often, someone
> comes up with a clever attack that reduces the intuitive thing to being

Yep. One aspect was already mentioned: "NUL" characters. The obvious
countermeasure was also mentioned: "base64". But this reduces the possible input
variation. It might be possible to mount an attack on it.

The general rule is: If you fear that the default algorithm is not safe,
change it! You can't increase security by chaining algorithms.