On 2021-02-28 at 03:46 +0000, Peter Gutmann wrote:
Daniel Kahn Gillmor <dkg(_at_)fifthhorseman(_dot_)net> writes:
I'm not sure about this at all. For example, consider a system that knows
that the string is high-entropy ("good key equivalent") -- should they be
prohibited from using Simple or Salted S2K? Is this MUST really an
interoperability concern as §6 of RFC 2119 suggests?
Agreed, but it's a pretty simple fix:
Where it's likely that a low-entropy secret is being employed, a compliant
application SHOULD use [...]
Peter.
I would suggest a didactic approach, something like
Simple S2K and Salted S2K specifiers are not particularly secure
when used with a low-entropy secret, such as those typically provided
by users, and implementations SHOULD avoid using these methods on
encryption of both keys and messages.
Best regards
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
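
The point debated in the thread above, as an added example that is not part of any message in it and not taken from any OpenPGP implementation: Simple and Salted S2K as defined in RFC 4880 section 3.7.1, showing that both spend a single hash pass per digest-sized block of key, so a low-entropy secret gets no stretching, while a high-entropy one does not need it. The function names, the sample passphrase and the salts are assumptions constructed for the illustration.

```python
import hashlib
import math

def _s2k(prefix: bytes, passphrase: bytes, key_len: int, hash_name: str) -> bytes:
    """Shared core of Simple and Salted S2K (RFC 4880, 3.7.1.1 and 3.7.1.2)."""
    out = b""
    instance = 0
    while len(out) < key_len:
        h = hashlib.new(hash_name)
        # Each additional hash instance is preloaded with one more zero octet.
        h.update(b"\x00" * instance)
        h.update(prefix + passphrase)
        out += h.digest()
        instance += 1
    return out[:key_len]

def s2k_simple(passphrase: bytes, key_len: int, hash_name: str = "sha256") -> bytes:
    """Simple S2K: the key is the hash of the passphrase alone."""
    return _s2k(b"", passphrase, key_len, hash_name)

def s2k_salted(salt: bytes, passphrase: bytes, key_len: int,
               hash_name: str = "sha256") -> bytes:
    """Salted S2K: an 8-octet salt is hashed ahead of the passphrase."""
    if len(salt) != 8:
        raise ValueError("Salted S2K uses an 8-octet salt")
    return _s2k(salt, passphrase, key_len, hash_name)

def passes_per_guess(key_len: int, hash_name: str = "sha256") -> int:
    """Hash passes needed to test one candidate passphrase under either specifier."""
    return math.ceil(key_len / hashlib.new(hash_name).digest_size)

# Constructed sample values, not taken from the thread.
PASSPHRASE = b"correct horse"
SALT_A = bytes.fromhex("0102030405060708")
SALT_B = bytes.fromhex("1112131415161718")

if __name__ == "__main__":
    # Simple S2K: the same passphrase always yields the same key, for every user.
    print("simple  :", s2k_simple(PASSPHRASE, 16).hex())
    # Salted S2K: per-message salt changes the key, which defeats shared
    # precomputed tables but adds no work per candidate passphrase.
    print("salted A:", s2k_salted(SALT_A, PASSPHRASE, 16).hex())
    print("salted B:", s2k_salted(SALT_B, PASSPHRASE, 16).hex())
    print("hash passes per candidate (128-bit key):", passes_per_guess(16))
```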