On Wed, Dec 28, 2005 at 12:11:23PM -0500, David Shaw wrote:
Sure, I know about the Klima-Rosa attack, but I was under the
impression that the SHA-1 protected secret key format (S2K 254)
prevents the attack. The text in 5.5.3. Secret Key Packet Formats
certainly says so:
The reason for this is that there are some attacks on the private
key that can undetectably modify the secret key. Using a SHA-1
hash prevents this.
David
No, this is, unfortunately, not the case, as only the secret material is
hashed. In the Klima-Rosa attack, the secret material is not touched; it is
the public matereial that is altered.
--
Daniel