ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption

2014-05-23 09:41:19
from [Jon Callas] [Permanent Link] 
Yep. One aspect was already mentioned "NUL" characters. The obvious counter
measurement was also mentionen "base64". But this reduces the possible input
variation. It might be possible to mount an attack on it.


If you can, the hash function is broken. Assuming of course that you're taking 
then entire expanded string. Any textification of a string is just a sloppy 
coding, and if the hash function has odd properties, then it's very, very 
broken.



The general rule is: If you fear, that the default algorithm is not safe,
change it! You can't incease security by chaining algorithms.


Yes! I couldn't agree more. 

        Jon
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption, Lutz Donnerhacke
Next by Date:  Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption, Daniel Kahn Gillmor
Previous by Thread:  Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption, Lutz Donnerhacke
Next by Thread:  Re: [openpgp] On composing scrypt and openpgp s2k key stretching for symmetric encryption, Daniel Kahn Gillmor
Indexes:  [Date] [Thread] [Top] [All Lists]