ietf-openpgp

Re: Czech attack to PGP

2001-03-29 00:42:45
On Wed, 28 Mar 2001, hal(_at_)finney(_dot_)org wrote:

> A thread on sci.crypt recently pointed to an AsiaCrypt 2000 paper by Mihir
> Bellare, http://www-cse.ucsd.edu/users/mihir/papers/oem.html.  This is

Thanks.

> In our case we might just compute an HMAC over the entire secret key
> packet, and append it.

This still does not solve the problem of how to get the key for the
HMAC.  I didn't read the Bellare paper in detail but I can't see
that it goes into the problem of possible interaction between the
encryption and HMAC key.  I think it is good practice not to use
the same key (or a derived one).  So we would need a second
passphrase - argh.

> The commercial version of PGP also uses some special S2K values, but
> we could certainly decide on a new value to identify the new form of

Can you please tell us which identifiers you use, so that we don't
run into problems if we encounter such identifiers.  

Ciao,

  Werner
  

-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code           et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus
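
Added example, not part of the original message and not code from PGP or GnuPG: a sketch of the quoted proposal to compute an HMAC over the entire secret key packet and append it, showing that any later change to the stored bytes is rejected. The MAC key is passed in as a separate input because how to obtain it is the open question in the thread; HMAC-SHA-256, the function names and the packet bytes are assumptions made for the example.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size  # 32-byte tag; hash choice is an assumption


def seal_packet(packet: bytes, mac_key: bytes) -> bytes:
    """Append an HMAC computed over the entire packet."""
    return packet + hmac.new(mac_key, packet, hashlib.sha256).digest()


def open_packet(sealed: bytes, mac_key: bytes) -> bytes:
    """Return the packet if the trailing HMAC verifies, otherwise raise."""
    if len(sealed) < TAG_LEN:
        raise ValueError("input shorter than the MAC tag")
    packet, tag = sealed[:-TAG_LEN], sealed[-TAG_LEN:]
    expected = hmac.new(mac_key, packet, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("secret key packet failed the integrity check")
    return packet


def is_intact(sealed: bytes, mac_key: bytes) -> bool:
    """True only if the appended HMAC matches the packet bytes."""
    try:
        open_packet(sealed, mac_key)
        return True
    except ValueError:
        return False


# Constructed stand-in for a stored secret key packet: a header area followed
# by opaque protected material. This is not a real OpenPGP packet.
SAMPLE_PACKET = b"constructed-header:" + bytes(range(64))
# Constructed MAC key, independent of any encryption key (hypothetical value).
SAMPLE_MAC_KEY = hashlib.sha256(b"constructed mac key for the example").digest()


def demo() -> dict:
    sealed = seal_packet(SAMPLE_PACKET, SAMPLE_MAC_KEY)
    flipped = bytearray(sealed)
    flipped[3] ^= 0x01  # single-bit change in the header area
    return {
        "untouched": is_intact(sealed, SAMPLE_MAC_KEY),
        "bit_flipped": is_intact(bytes(flipped), SAMPLE_MAC_KEY),
        "truncated": is_intact(sealed[:-1], SAMPLE_MAC_KEY),
        "wrong_key": is_intact(sealed, b"\x01" * 32),
    }
```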

