Passphrase protection of secret keys
Werner Koch
wk@gnupg.org
Fri Mar 8 17:00:02 2002
On Fri, 8 Mar 2002 21:00:05 +0800, Enzo Michelangeli said:
> Is this true also inside the gpg keyring files, or just in the exported
> keys? And in any case, wouldn't it be more prudent to obsolete that checksum
Yes it is still true. However GnuPG checks a signature right after
creation, so the Klima/Rosa attack won't work.
> requirement and/or deliberately ignore it in the keyring implementations, in
> order to slow down dictionary attacks? The correctness of the passphrase
Plaintext (i.e. the unprotected secret key) detection can be done w/o
calculating the checksum and thus faster, so it won't help.
Forthcoming GnuPG versions are going to use there own format to
protect secret keys. See:
http://cvs.gnupg.org/cgi-bin/viewcvs.cgi/newpg/agent/keyformat.txt?rev=1.4&content-type=text/vnd.viewcvs-markup&cvsroot=Project+Aegypten
Ciao,
Werner