|
Re: Suggested DER Prefixes
2003-05-28 14:14:47
-----BEGIN PGP SIGNED MESSAGE-----
Hash: HAVAL-5-160 ;)
Hello Mr Callas,
Please, do allow me to table the followings:-
And while you are at it, please do kindly remove
IDEA, CAST5, MD2, MD5, and AES < 256 bits.
The above algorithms, will, no doubt, be rendered useless,
given any advances in the attacks.
The OpenPGP suite of symmetric ciphers, and hashing algorithms
are deficient, more algorithms are needed. While less is better,
I don't think that this principle should be applied
to the fundamental level of ciphers and hashes.
The implementer does not write the code for these, he just
plugs them in. If he is too lazy to do so, then, I think,
that he ought to consider some other endeavor.
I wish that the "less is better" principle is
applied to the higher levels, this is where
all the complexities lies.
my 2c,
Best Regards,
Imad R. Faiad
P.S. Just out of curiosity, what in the heck is "DES/SK"?
any references?
On Wed, 21 May 2003 09:34:17 -0700, you wrote:
On 5/21/03 4:11 AM, "Imad R. Faiad" <matic(_at_)cyberia(_dot_)net(_dot_)lb>
wrote:
PS Can someone clarify OpenPGP symmetric
algorithm ID: 6 (DES/SK), I mean, what
variant of the DES algorithm are we talking about.
TIA
DES/SK is being removed. Don't implemented it.
//Double width SHA (SHA1x) experimental algorithm
//Used In: PGP 5.x
//OpenPGP Hash Algorithm ID: 04
unsigned char const SHA1xDERprefix[] = {
0x30, /* Universal, Constructed, Sequence */
0x35, /* Length 53 (bytes following) */
0x30, /* Universal, Constructed, Sequence */
0x09, /* Length 9 bytes*/
0x04, /* Universal, Primitive, Octet string */
0x05, /*Length 5 bytes*/
0x53, 0x48, 0x41, 0x31, 0x78, /*SHA1x*/
0x05, /* Universal, Primitive, NULL */
0x00, /* Length 0 */
0x04, /* Universal, Primitive, Octet string */
0x28 /* Length 40 bytes = 320 bits*/
/* 40 bytes SHA1x digest start here */
};
Double-width SHA was an experimental thing some people were using for
wider DSA, it was never widely implemented. Don't implement it.
//HAVAL 5 pass, 160 bits (HAVAL-5-160)
//OpenPGP Hash Algorithm ID: 07
//Used in: PGP 2.6.3ia-multi04+
unsigned char const HAVAL-5-160DERprefix[] = {
0x30, /* Universal, Constructed, Sequence */
0x27, /* Length 39 (bytes following) */
0x30, /* Universal, Constructed, Sequence */
0x0f, /* Length 15 bytes*/
0x04, /* Universal, Primitive, Octet string */
0x0B, /*Length 11 bytes*/
0x48, 0x41, 0x56, 0x41, 0x4C, 0x2D,
0x35, 0x2D, 0x31, 0x36, 0x30, /*HAVAL-5-160*/
0x05, /* Universal, Primitive, NULL */
0x00, /* Length 0 */
0x04, /* Universal, Primitive, Octet string */
0x14 /* Length 20 bytes = 160 bits*/
/* 20 bytes HAVAL-5-160 digest start here */
};
//HAVAL 5 pass, 256 bits (HAVAL-5-256)
//OpenPGP Hash Algorithm ID: None
//Used in: PGP 2.6.3ia-multi04+
//Hash Algorithm ID used: 11
unsigned char const HAVAL-5-256DERprefix[] = {
0x30, /* Universal, Constructed, Sequence */
0x33, /* Length 51 (bytes following) */
0x30, /* Universal, Constructed, Sequence */
0x0f, /* Length 15 bytes*/
0x04, /* Universal, Primitive, Octet string */
0x0B, /*Length 11 bytes*/
0x48, 0x41, 0x56, 0x41, 0x4C, 0x2D,
0x35, 0x2D, 0x32, 0x35, 0x36, /*HAVAL-5-256*/
0x05, /* Universal, Primitive, NULL */
0x00, /* Length 0 */
0x04, /* Universal, Primitive, Octet string */
0x20 /* Length 32 bytes = 256 bits*/
/* 32 bytes HAVAL-5-256 digest start here */
};
Haval is being removed. Don't bother.
Now that there are the wide SHAs, they are what you should be
implementing.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2irf
iQEVAwUBPtUz4LzDFxiDPxutAQcWxwgAgL5lhy2wvkmlf7UCyksWhma2GK0I9oyu
BHGxlnCrYGHP+UopQT/Gk2ZmOz3qxKg+n+CelR7/FRyDoM5eyUp+8MUHMpBVdkoP
ZBt39/6J1BW5OC+/XNbCgE4ftRvnlz5/sJjdWYq1RSdtfMIN68K2188KmUxmBJ4E
LdszetQ64L1hFY8blpVtYpPQMgtJUhvQ0bCsWij7Xm6nTsFruABvIcoalQ7TcM3V
IEf9ygDBYdF/wSYLEHMotSfyoogjv1GC1aN8+9Zl045vBvC3gJoGrIP5NBb17bwa
DilBynG5Wf3uFS1V742eaSKvsny+8g0bsjx1dDURVlq5PzA/NrgBTA==
=CLcJ
-----END PGP SIGNATURE-----
|
|