
Re: OpenPGP WG meeting minutes



On Mon, 19 Jan 1998, John  W. Noerenberg wrote:

> Here are the long delayed minutes from the IETF meeting in December.  Tony
> Mione recorded them, and I've annotated them slightly.
> 
> 40th IETF, Washington, DC
> OpenPGP Working Group Meeting Minutes
> 8-Dec-1997

...

> Draft : PGP Message formats (Jon Callas)
> 	Jon discussed the most recent decisions on various open issues
> 		in the PGP Message formats draft
> 		(drafts-ietf-openpgp-formats-00.txt). There was some discussion
> 		on certain points. Some decisions by Jon, et al were reversed
> 		or modified during the discussion.

...

> 	2.5.3.3 Iterated/Salted String-to-key - This is long, hairy and
> 		complicated to implement. We have considered removing it.

The following should do all three variants (0,1,3), but I haven't tested
them all, nor any hashtype not normally used by PGP 5.0b8.  The original
is at www.cryptography.org in cipcop09.tgz in the libraries directory.

bp points to a buffer with the key material starting with the crypto type,
and hashpass contains the user typed in password.

cfbinit sets the key and initial IV for the cfb decryption:

void cfbinit(unsigned char *key, unsigned char *iv0, int cipher);

#include <stdlib.h>             /* exit */
#include <string.h>             /* memcpy, strlen */

/* MAXHASH and the hashinit[], hashupdate[], hashfinal[] and hashlen[]
   tables are declared elsewhere (not shown in this excerpt) */

/*------------------------------------*/
/* string to key and initialize conventional encryption */

void getcfbkey(unsigned char **bp, unsigned char *hashpass)
{
  unsigned int i = 0, j, k = 0, ca, ha, sa;
  unsigned int plen = strlen((char *) hashpass);
  unsigned char hbuf[256];
  unsigned char hashctx[1024];

  if (plen > sizeof(hbuf) - 8)  /* salt + password must fit in hbuf */
    exit(-1);

  ca = *(*bp)++;                /* crypto type */
  sa = *(*bp)++;                /* salt type */
  ha = *(*bp)++;                /* hash type */

  if (sa & 1) {
    memcpy(hbuf, *bp, 8);       /* salt */
    memcpy(&hbuf[8], hashpass, plen);
    *bp += 8;
    k = 8 + plen;
    i = k;
  }
  if (sa == 3) {
    i = *(*bp)++;               /* postfix - hash size */
    j = i >> 4;
    i = (i & 15) + 16;
    i <<= j + 6;
  } else if (sa == 0) {         /* salt-free */
    memcpy(hbuf, hashpass, plen);
    i = plen;
    k = i;
  } else if (sa != 1)           /* 1 = just salt, else error */
    exit(-1);

  if (k == 0)                   /* empty salt-free password: avoid divide by zero */
    exit(-1);

  j = i / k;                    /* loops over whole text */
  i = i % k;                    /* last loop size */

  if (ha < 1 || ha > MAXHASH)
    exit(-1);

  (*hashinit[--ha]) (hashctx);
  while (j--)
    (*hashupdate[ha]) (hashctx, hbuf, k);
  (*hashupdate[ha]) (hashctx, hbuf, i);
  (*hashfinal[ha]) (hbuf, hashctx);
  /* stretch the digest to fill the key buffer by repeating it */
  memcpy(&hbuf[hashlen[ha]], hbuf, hashlen[ha]);
  memcpy(&hbuf[hashlen[ha] * 2], hbuf, hashlen[ha] * 2);

  cfbinit(hbuf, *bp, ca);       /* next 8 bytes at *bp are the initial IV */
  *bp += 8;
}

> 		The rationale for its use is that:
> 			1-Salt perturbs encryption of strings (same string
> 				encrypts to different values each time it
> 				is used)
> 			2-Iteration adds compute time for the cracker program
> 				running a dictionary attack.
> 			We've seen 3 options mentioned
> 				1) Remove it
> 				2) Change 8-bit float to 32 bit int
> 				3) Change it to a MAY
> 			Request for comments from WG
> 
> 		Comments from WG member: Options add complexity but is useful
> 			and important. The member would not have a problem
> 			with it if the float was changed to a 32-bit
> 			integer (2).

--- reply to tzeruch - at - ceddec - dot - com ---
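
An added illustration, not part of the original message or of the library it cites: the one-octet "8-bit float" count from 2.5.3.3, decoded with the same arithmetic as the posted getcfbkey(), plus an inverse that picks the octet for a requested byte count. The function names are hypothetical and the sample salt-plus-passphrase lengths are constructed.

```c
#include <stdio.h>

/* Decode the count octet as getcfbkey() does: low 4 bits are a mantissa
   with an implicit leading 16, high 4 bits are an exponent biased by 6. */
unsigned long s2k_decode_count(unsigned char c)
{
  return ((unsigned long) (c & 15) + 16) << ((c >> 4) + 6);
}

/* Hypothetical inverse: smallest octet whose decoded count is >= want.
   Decoded values rise monotonically with the octet, so a linear scan is
   enough; requests above the maximum saturate at 255. */
unsigned char s2k_encode_count(unsigned long want)
{
  unsigned int c;

  for (c = 0; c < 255; c++)
    if (s2k_decode_count((unsigned char) c) >= want)
      break;
  return (unsigned char) c;
}

/* Full passes over salt+passphrase (k bytes) and the trailing partial
   pass, matching j = i / k and i = i % k in the posted code. */
unsigned long s2k_full_passes(unsigned long count, unsigned long k)
{
  return k ? count / k : 0;
}

unsigned long s2k_tail_bytes(unsigned long count, unsigned long k)
{
  return k ? count % k : 0;
}

int main(void)
{
  /* constructed sample requests, in bytes to hash */
  unsigned long want[] = { 1, 65536, 65537, 1000000, 100000000 };
  unsigned long k = 8 + 10;     /* 8-byte salt + 10-char passphrase */
  unsigned int n;

  for (n = 0; n < sizeof(want) / sizeof(want[0]); n++) {
    unsigned char c = s2k_encode_count(want[n]);
    unsigned long got = s2k_decode_count(c);
    printf("want %9lu -> octet 0x%02X -> %8lu bytes (%lu passes + %lu)\n",
           want[n], c, got, s2k_full_passes(got, k), s2k_tail_bytes(got, k));
  }
  return 0;
}
```

The octet covers 1024 to 65011712 bytes in 256 steps, so a requested count is rounded up to the next representable value, which is the granularity a 32-bit integer count would remove.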