[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Plaintext, symmertric algorithm 0 (9.2)?
On Thu, 19 Mar 1998, Anonymous wrote:
> I think the answer must depend on why we want symmetric algorithm 0.
> At some level it might be a security risk to have it there: if an
> attacker can get the naive user's configuration file to specify that
> algorithm as the default encryption algorithm and the CFB/IV system
> were used as tzeruch and Section 5.7 suggest, there would be no easy
> way for the user casually looking at an encrypted file to know that
> it was unprotected. This would also be true if an Algorithm 0 packet
> were left clear (i.e. without random IV and CFB) but compressed.
>
> Is Algorithm 0 specified for debugging? If so, do we need to say it
> MUST NOT be enabled outside of debugging environments?
I ended up implementing it without the CFB (though with the 10 byte reset
IV), so I could use less or od -a to see the not-really-encrypted text.
> The same question still holds for Algorithm 5, ROT-N: should we
> make that "MUST NOT be enabled outside of debugging environments"?
I did this without CFB, So every space maps to the same character, etc.
So the structure of what you encrypt is visible. I also added a cfb
ROT-8-n variant which does mess things up a bit more.
Beyond debugging, it creates a diagnostic mode, but you are right that
these should be disabled in such a way that it is very hard for a user to
enable them.
--- reply to tzeruch - at - ceddec - dot - com ---