Re: Fixing the MDC language

"Hal Finney" <hal@finney.org> Fri, 20 September 2002 07:03 UTC

Date: Thu, 19 Sep 2002 23:55:09 -0700
From: Hal Finney <hal@finney.org>
Message-Id: <200209200655.g8K6t9k17770@finney.org>
To: ietf-openpgp@imc.org, jon@callas.org
Subject: Re: Fixing the MDC language
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk

A couple of comments:

First, there is another typo I forgot to mention:

> includes all of the plaintext, and then also includes two octets of values
> 0xD0, 0x14.  These represent the encoding of a Modification Detection Code

The D0 was from an older version of the draft when we were going to
use tag 16 for the MDC packet.  In fact we chose tag 19, so 0xD0 should
be 0xD3.

The other point:

> The plaintext of the data to be encrypted is passed through the SHA-1 hash
> function, and the result of the hash is appended to the plaintext in a
> Modification Detection Code packet.  The input to the hash function includes
> the prefix data described above which acts as a weakly keyed hash;

This last sentence is not quite correct, the prefix data per se does not
act as a weakly keyed hash.  It acts as the key to a sort of keyed hash.
But it's not really a normal keyed hash, because the key is usually kept
a lot more secret than our pseudo-IV.

In any case I don't really think we ought to mention this keyed-hash
stuff.  It's not necessary to an implementor, and as a shorthand for
some kind of security analysis it is too brief to be meaningful.  I'd
suggest removing the "which acts as..." clause entirely.

Hal