-----BEGIN PGP SIGNED MESSAGE-----
tzeruch asks:
Is the plaintext put through the cfb system, i.e. xored with the iv?
(I assume I would discard any key material, but not the iv).
Or is it intended to be completely unencrypted?
Hal Finney answered as if this question were about the use of CFB for
Blowfish, but tzeruch asked about the "plaintext" encryption algorithm,
algorithm 0 of Section 9.2. It's a good question, because Section 5.7
says that any selected symmetric algorithm is stuffed through the rather
arcane CFB variant.
I think the answer must depend on why we want symmetric algorithm 0.
At some level it might be a security risk to have it there: if an
attacker can get the naive user's configuration file to specify that
algorithm as the default encryption algorithm and the CFB/IV system
were used as tzeruch and Section 5.7 suggest, there would be no easy
way for the user casually looking at an encrypted file to know that
it was unprotected. This would also be true if an Algorithm 0 packet
were left clear (i.e. without random IV and CFB) but compressed.
Is Algorithm 0 specified for debugging? If so, do we need to say it
MUST NOT be enabled outside of debugging environments?
The same question still holds for Algorithm 5, ROT-N: should we
make that "MUST NOT be enabled outside of debugging environments"?
Salvo Salasio
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQEPAwUBNRFK8cNH+A3/////AQHEEQfMC/YNGDEvhsNkHpVlNyBGsOiIEafZRUeu
CV6LPaZHYzfdryFkCz59YefhLLMUycganuvmPpph15tQKbdqGJwR6ecS/9jBTwV1
XRQz795Iqb4ZlZ3gbyY3b/7QDzu+pwTwfN8kGyCImu7DPkXIESA1wy8hF3+RdDBA
zJBQCLTxJvZ4Jnbbn2SGJlRO0xIy/OYsg1W3YUqrLyixBxU0hdn4wABjvxoMLdjE
Cj0jRAi/wuerpWn7WFhVXbvb9+4nT7eNxRolaNA34AH4o7+WtwZYBnl54C1dxcFp
9b30z14xnnmPJBhuBu7ZkPz2Z8dqP18w4vBiZZU8nV0uUQ==
=+HsP
-----END PGP SIGNATURE-----