ietf-openpgp

Re: Agree with PRZs MDC suggestion

1999-05-19 07:51:18
Marcel Waldvogel <mwa(_at_)tik(_dot_)ee(_dot_)ethz(_dot_)ch> writes:

> Why don't we repeat the version number (and maybe even the packet tag)
> after the two check bytes? Or would this give too much plaintext away?

I don't think so, there is already enough plaintext because the
structure of the packet headers is well known and this gives you
already some plaintext.

> with SHA-1 (e.g. political or cryptanalytical). Wouldn't tampering become

political/patents maybe an argument.  Actually we don't need a
cryptographic hash function here but only a good checksum - so SHA1
is good enough and it is the only hash algorithm which is required
anyway.

However, if it turns out that we have to change something, we have the
version number and can implement another scheme with another version
number which must then be made tamperproof, e.g. by putting a copy
into the encrypted data.


-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013