On Thu, 26 Mar 1998, Jon Callas wrote:
At 11:41 PM 3/25/98 -0500, nospam-seesignature(_at_)ceddec(_dot_)com wrote:
1. If we are going to have a lame cipher for conventional encryption, why
not also have one for the PK algorithms, e.g. DH, RSA, and the
conventional key material plaintext as an MPI integer (for exportable
samples). Would we need this for hashes and/or signatures too? Any weak
(ROT-N like) alternatives?
Or we just remove the lame algorithms? There are places where it makes
sense to have unencrypted secret keys, and these were the only places
algorithm 0 has actually been used. I'm planning on noting such in the spec
and striking the lame algorithms.
Yes and no. The string to key has to use conventional encryption
algorithms, and no current implementation I know of really sets this,
rather it is left to default to IDEA/SHA1 (I use unpublished globals
preset to these). This also creates interesting problems moving secrings
between implementations.
Maybe some additional text somewhere:
Conventional Algorithm Byte: For secret keys 0 means unencrypted. It is
invalid in any other usage.
--- reply to tzeruch - at - ceddec - dot - com ---