Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: d

ietf-openpgp

Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt]

2021-02-28 16:09:21

from [Ángel]

On 2021-02-28 at 03:46 +0000, Peter Gutmann wrote:

Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:

I'm not sure about this at all.  For example, consider a system
that knows
that the string is high-entropy ("good key equivalent") -- should
they be
prohibited from using Simple or Salted S2K?  Is this MUST really an
interoperability concern as §6 of RFC 2119 suggests?


Agreed, but it's a pretty simple fix:

  Where it's likely that a low-entropy secret is being employed, a
compliant
  application SHOULD use [...]

Peter.



I would suggest a didactic approach, something like

Simple S2K and Salted S2K specifiers are not particularly secure 
when used with a low-entropy secret, such as those typically provided
by users, and implementations SHOULD avoid using these methods on
encryption of both keys and messages.



Best regards

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: [openpgp] who creates old-rfc registries?, (continued) Re: [openpgp] who creates old-rfc registries?, Ángel Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Ángel Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Daniel Kahn Gillmor [openpgp] Incorporated RFC 6637: SHA2-384 recommendation, Neal H. Walfield Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Neal H. Walfield Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Daniel Kahn Gillmor Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Paul Wouters Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Neal H. Walfield [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt], Daniel Kahn Gillmor Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt], Peter Gutmann Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt], Ángel <= [openpgp] textual cleanup (no substantive changes), Neal H. Walfield [openpgp] Deprecate non-integrity-protected encryption, Neal H. Walfield Re: [openpgp] Deprecate non-integrity-protected encryption, Neal H. Walfield Re: [openpgp] I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt (fwd), Neal H. Walfield [openpgp] v5 fingerprints in ECDH, brian m. carlson Re: [openpgp] v5 fingerprints in ECDH, Paul Wouters [openpgp] Curve448 in ECDH, brian m. carlson Re: [openpgp] Curve448 in ECDH, Paul Wouters Re: [openpgp] Curve448 in ECDH, brian m. carlson Re: [openpgp] Curve448 in ECDH, Paul Wouters

Previous by Date:	Re: [openpgp] RSA-PSS and RSA-OAEP for v5, Stephen Farrell
Next by Date:	Re: [openpgp] RSA-PSS and RSA-OAEP for v5, Santiago Torres-Arias
Previous by Thread:	Re: [openpgp] Sec. Considerations MUST about S2K [was: Re: I-D Action: draft-ietf-openpgp-crypto-refresh-02.txt], Peter Gutmann
Next by Thread:	[openpgp] textual cleanup (no substantive changes), Neal H. Walfield
Indexes:	[Date] [Thread] [Top] [All Lists]