iterated+salted s2k insecure ?
jmos@gmx.net
Fri Mar 22 01:21:01 2002
On Wednesday 20 March 2002 04:47 pm, jmos@gmx.net wrote:
>> These random bytes followed by the passphrase data are repeatedly
>> hashed until the number of bytes specified by the octet count has
>> been hashed.
>"Repeatedly hashed" doesn't mean that the hash value is computed and then fed
>back into the hash function again and again. It means that the same salt and
>password are fed into one hash calculation repeatedly, and one hash value is
>computed at the end.
>> Normally GnuPG uses 96 as the octet count.
>I just checked, and the octet count was 65536. Don't forget that part of the
>count field is actually a left-shift amount.
>> So, if someone uses a passphrase of 87 octets length the 8 octets
>> of salt are prepended to yield a total of 95 octets. The result is
>> normally a 20 octets hash value.
>The 20 octet hash value is not computed until after the required number of
>octets have been passed through the hash function.
>> But to satisfy the octet count of 96 one more octet has to be hashed.
>> This is taken from the 20 octets hash value which was calculated before.
>No, if 96 octets are to be hashed, the extra octet would come from the
>beginning of the salt.
> -bob mathews
Thanks, Bob, for your explanation of what is actually meant by the RFC!
Am I the only person who misunderstood that section?
I think it could have been written a little bit more precisely.
Jens
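The reading Bob describes, as an added example that is not part of the original post or GnuPG's code: one hash context is fed salt+passphrase repeatedly, cut off at the octet count, and a single digest is taken at the end. It assumes SHA-1 (the 20-octet hash mentioned in the thread), keys no longer than one digest, and the count-decoding formula from the OpenPGP RFC; the function names are hypothetical.

```python
import hashlib

EXPBIAS = 6  # constant in the RFC's formula for decoding the count octet


def decode_count(c: int) -> int:
    """Decode the one-octet coded count: low 4 bits are a mantissa,
    high 4 bits a left-shift amount."""
    return (16 + (c & 15)) << ((c >> 4) + EXPBIAS)


def s2k_stream(salt: bytes, passphrase: bytes, octet_count: int) -> bytes:
    """Return the exact octets that pass through the hash function."""
    block = salt + passphrase
    # salt+passphrase is always hashed in full at least once,
    # even when the octet count is smaller than its length.
    total = max(octet_count, len(block))
    reps, rest = divmod(total, len(block))
    # A partial final repetition starts again at the beginning of the salt.
    return block * reps + block[:rest]


def s2k_iterated_salted(salt: bytes, passphrase: bytes, octet_count: int) -> bytes:
    """Iterated+salted S2K with SHA-1: one context, one digest at the end."""
    if len(salt) != 8:
        raise ValueError("salt must be 8 octets")
    block = salt + passphrase
    remaining = max(octet_count, len(block))
    h = hashlib.sha1()
    while remaining > 0:
        chunk = block[:remaining]  # whole block, or the truncated last piece
        h.update(chunk)            # same context every time, no digest fed back
        remaining -= len(chunk)
    return h.digest()


if __name__ == "__main__":
    salt = bytes(range(1, 9))   # constructed sample salt
    passphrase = b"p" * 87      # constructed 87-octet passphrase from the thread
    print(decode_count(96))     # coded value 96 decodes to 65536 octets
    print(s2k_stream(salt, passphrase, 96)[95:] == salt[:1])  # octet 96 is salt[0]
    print(s2k_iterated_salted(salt, passphrase, decode_count(96)).hex())
```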