Vedaal writes:
On Mon, 06 Feb 2006 17:38:01 -0500 Hal Finney <hal(_at_)finney(_dot_)org>
wrote:
Note that V3 keys only support ciphers with a block size of 8
bytes, so
I think it is OK to explicitly say "8 octets" here.
are v4 keys different in this respect ?
(i.e., is there any cipher currently within the open pgp standard
that v4 keys support that v3 keys could not?
Actually I think I was wrong about what I wrote there. At the time that
V3 keys were created, only 8-byte ciphers were used by PGP, but now I
think it would be legal to create a V3 key and use a 16-byte cipher like
AES to encrypt the private part. (Or to re-encrypt the private part of
an existing V3 key using AES instead of IDEA or 3DES.)
So I would have to modify my proposed change to the language of the
spec to say something like:
Furthermore, at the beginning of each MPI value after the first, the
CFB state is re-synchronized to its initial state, with the IV for
that MPI taken as the final octets of the ciphertext of the previous
MPI value, with the number of such octets being equal to the block
size of the cipher.
classically, v3 keys were started when all that was available was
IDEA,
but Disastry extended 2.6x for v3 keys to accept 'any' open-pgp
cipher,
even for symmetric protection of the secret key
(i have occasionally found it useful to prepare v3 non-IDEA test
keys,
for gnupg testers who prefer not to use patented algorithms, even
for testing, if there is a convenient way around it)
[am not trying to awaken a v3 / v4 controversy ;-)
am just trying to 'understand' what i might have 'missed' ]
Thanks for pointing out my mistake!
Hal Finney