Re: [openpgp] Intent to deprecate: Insecure primitives

David Leon Gil <coruus@gmail.com> Mon, 16 March 2015 21:10 UTC

In-Reply-To: <20150316171832.D0C81E0451@smtp.hushmail.com>
References: <CAA7UWsWBoXpZ2q=Lv151R593v3u=SPNif39ySX_-8=fqMniiVg@mail.gmail.com> <87sid5si30.fsf@alice.fifthhorseman.net> <20150316171832.D0C81E0451@smtp.hushmail.com>
Date: Mon, 16 Mar 2015 14:09:58 -0700
Message-ID: <CAA7UWsV6fiGE312xZZtKzo_wwOxuhZVFja_mVZMUndYpJrUjbA@mail.gmail.com>
From: David Leon Gil <coruus@gmail.com>
To: "vedaal@nym.hush.com" <vedaal@nym.hush.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/ye555hyh9KBXjL_fMTX_dNN_A-A>
Cc: "openpgp@ietf.org" <openpgp@ietf.org>
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp/>

On Monday, March 16, 2015, <vedaal@nym.hush.com> wrote:

> On 3/15/2015 at 11:56 PM, "Daniel Kahn Gillmor" <dkg@fifthhorseman.net> wrote:
>
> >> Yahoo has deprecated, and intends to disable support for all
> >uses, of
> >> the following primitives and packet types specified for use with
> >> OpenPGP v4:
> >>
> >> - Symmetric cipher algorithms: IDEA, TDES, CAST5, Blowfish,
> >Twofish
>
> -----
>
> All previous OpenPGP versions have had a MUST implement for 3DES.
> Is there any advantage in using only block 64 symmetric encryption
> primitives, to do away with 3DES, IDEA and CAST5?


Yes re block size (I'm assuming you meant 128-bit blocksize ciphers). A
64-bit blocksize is small enough that there is a significant probability of
(some user) encrypting a message with two blocks the same.

CAST5 (CAST128), however, is a 128-bit blocksize cipher.

> In general, won't removing these primitives make it difficult to decrypt
> past correspondences where people have used these primitives?
> (The default for symmetrically encrypted GnuPG messages has been CAST5
> for a long time in the past, -i.e. many many encrypted messages ...)
>

Yes. GnuPG's use of CAST5 is problematic. We won't support this usage for
encryption or decryption. (Mainly because it did so if you didn't set a
'modern' cipher, and thus didn't use the SEIPD+MDC packet.)

Other implementations are free to; they really shouldn't be encrypting new
messages using it.

I will note that the Canadian government still permits the use of CAST5 for
the encryption of data at a 128-bit security level, but requires a
cryptoperiod of < 7 days. (Which is not terribly reassuring.)

See https://www.cse-cst.gc.ca/en/node/227/html/15164
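As an added illustration of the block-size point made above (example code written for this page, not part of the thread or of any OpenPGP implementation), the following Python computes the birthday bound for 64-bit versus 128-bit blocks and then shows what a repeated ciphertext block actually leaks in CFB mode, the mode OpenPGP uses for symmetric encryption. A toy 16-bit keyed permutation stands in for the real cipher so that a collision appears after a few hundred blocks instead of a few billion; the permutation, IV, seed and plaintext are all constructed for the demo.

```python
"""Birthday bound for small block sizes, plus a CFB-mode collision demo.

Added example: not code from the OpenPGP thread or any real implementation.
The 16-bit "cipher" below is a constructed toy, chosen so that collisions
show up quickly; the arithmetic in collision_probability() is what applies
to real 64-bit (3DES, IDEA, CAST5, Blowfish) and 128-bit (AES) ciphers.
"""
import math
import random


def collision_probability(block_bits, n_blocks):
    """Probability that at least two of n_blocks uniformly random block values
    coincide (birthday bound): 1 - exp(-n(n-1) / 2^(b+1)).
    expm1 keeps precision when the probability is tiny (128-bit case)."""
    x = n_blocks * (n_blocks - 1) / (2 * 2 ** block_bits)
    return -math.expm1(-x)


def blocks_for_probability(block_bits, p):
    """Approximate block count at which the collision probability reaches p
    (inverse of the formula above, dropping the -1 term)."""
    return math.sqrt(2 * 2 ** block_bits * math.log(1 / (1 - p)))


def toy_block_cipher(key, block_bits=16):
    """Constructed stand-in for a block cipher: a keyed random permutation on
    block_bits-bit values, as a lookup table."""
    table = list(range(2 ** block_bits))
    random.Random(key).shuffle(table)
    return table


def cfb_encrypt(perm, iv, plaintext_blocks):
    """CFB mode as OpenPGP uses it: C_i = P_i XOR E(C_{i-1}), with C_0 = IV."""
    out, prev = [], iv
    for p in plaintext_blocks:
        c = p ^ perm[prev]
        out.append(c)
        prev = c
    return out


def find_collision_leak(ciphertext_blocks):
    """Look for i < j with C_i == C_j (neither being the final block).
    In CFB that implies E(C_i) == E(C_j), so the next two ciphertext blocks
    were masked with the same keystream value and
        C_{i+1} XOR C_{j+1} == P_{i+1} XOR P_{j+1}.
    The XOR of two plaintext blocks is recovered with no key at all.
    Returns (i, j, leaked_xor) or None if no block repeats."""
    seen = {}
    for idx, c in enumerate(ciphertext_blocks[:-1]):
        if c in seen:
            i = seen[c]
            return i, idx, ciphertext_blocks[i + 1] ^ ciphertext_blocks[idx + 1]
        seen[c] = idx
    return None


def demo(seed=1, n_blocks=2000, block_bits=16):
    """Encrypt constructed random plaintext under the toy cipher, find the
    first repeated ciphertext block, and check the leaked XOR against the
    plaintext the attacker does not have. 2000 blocks of 16 bits is far past
    the 2^8 birthday bound, so a repeat is essentially guaranteed."""
    rng = random.Random(seed)
    perm = toy_block_cipher(key=rng.getrandbits(64), block_bits=block_bits)
    iv = rng.getrandbits(block_bits)
    plaintext = [rng.getrandbits(block_bits) for _ in range(n_blocks)]
    ct = cfb_encrypt(perm, iv, plaintext)
    hit = find_collision_leak(ct)
    if hit is None:
        return None
    i, j, leaked = hit
    return {"i": i, "j": j, "leaked_xor": leaked,
            "true_xor": plaintext[i + 1] ^ plaintext[j + 1]}


if __name__ == "__main__":
    for bits in (64, 128):
        n = blocks_for_probability(bits, 0.5)
        print(f"{bits}-bit blocks: 50% collision chance after ~{n:.3g} blocks "
              f"(~{n * bits / 8 / 2**30:.3g} GiB); p at 2^32 blocks = "
              f"{collision_probability(bits, 2**32):.3g}")
    print("toy CFB leak:", demo())
```

The numbers are the whole argument: at 2^32 blocks (32 GiB of 64-bit blocks) a 64-bit cipher is already at roughly a 39% chance of a repeated block, while a 128-bit cipher is at about 10^-20; the same repeat in CFB hands an attacker the XOR of two plaintext blocks, and a single user who encrypts enough data, or an implementation that reuses an IV, gets there without any flaw in the cipher itself.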