ietf-openpgp
[Top] [All Lists]

Re: private key language

2005-12-28 10:59:03

On Wed, Dec 28, 2005 at 12:11:23PM -0500, David Shaw wrote:

Sure, I know about the Klima-Rosa attack, but I was under the
impression that the SHA-1 protected secret key format (S2K 254)
prevents the attack.  The text in 5.5.3. Secret Key Packet Formats
certainly says so:

  The reason for this is that there are some attacks on the private
  key that can undetectably modify the secret key. Using a SHA-1
  hash prevents this.

David

No, this is, unfortunately, not the case, as only the secret material is
hashed. In the Klima-Rosa attack, the secret material is not touched; it is
the public matereial that is altered.

-- 
Daniel