un-trusting MD5 in gpg

David Shaw dshaw at jabberwocky.com
Wed May 6 21:31:25 CEST 2009


On May 6, 2009, at 9:38 AM, Werner Koch wrote:

>> And last: is there any reason to add an additional error value to cover
>> these semantics (e.g. G10_ERR_INSECURE_DIGEST_ALGO), or is
>> G10_ERR_DIGEST_ALGO sufficient?
>
> I can imagine adding a few new error codes; we already have:
>
> 43	GPG_ERR_WEAK_KEY		Weak encryption key
>
> and new ones like:
>
>        GPG_ERR_WEAK_DIGEST_ALGO
>        GPG_ERR_WEAK_CIPHER_ALGO
>
> may be useful for further processing; not necessary to be displayed to a
> user but may be displayed as well in cases you describe.

I think if we're going to add new error codes for this, I'd rather  
just say something like GPG_ERR_DISABLED_DIGEST_ALGO and  
GPG_ERR_DISABLED_CIPHER_ALGO.  Calling it "weak" is a value judgement  
(i.e. weaker than what?  too weak for what?)  The WEAK_KEY message is  
a different sort of thing here as "weak key" is a defined term for  
those ciphers that have weak keys.

Simply calling it "disabled" means exactly what it says: the user  
disabled it.  We shouldn't really care why.  Also, when the user sees  
the string that goes along with that error message, that indicates  
there is a way to disable and enable digest algorithms, so they can  
understand what happened.

David



