On Sun, 18 Oct 2015 16:20, ndurner(_at_)googlemail(_dot_)com said:
+Implementations MUST generate S2K specifiers that include salts
+(either type 2, 3 or 4), as simple S2K specifiers are more vulnerable to
Type 2 is not defined but reserved, you probably meant type 1.
I also assume you allow type 1 (Salted S2K) to allow the use of an
entire random passphrase, right? The salt then acts as IV for the SESK.
Should we explain this use of type 1?
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp