gnupg 1.0.4 <-> 1.0.0 interoperability problem

Werner Koch
Wed, 13 Dec 2000 14:45:24 +0100

On Wed, 13 Dec 2000, Peter Bloecher (EED) wrote:

> After upgrading to gpg 1.0.4 I discovered a problem when exchanging messages
> with people using gpg 1.0.0. What happens is that during decryption they are asked
Is it the case that the keys of the people using 1.0.0 have neen generated with 1.0.4? Than it is pretty ovious what happens:
> Calling gpg 1.0.4 with --list-packets gives

> :encrypted data packet:
> length: 4294967295
> mdc_method: 2
Since 1.0.3, keys generated with gpg are created with preferences to TWOFISH (and AES since 1.0.4) and that also means that they have the capability to use the new MDC encryption method. This will go into OpenPGP soon and is also suppoted by PGP 7. This new method avoids a (not so new) attack on all email encryption systems. The NEWS for 1.0.3 tell you that there is an incompatibility.
> The length field of the encrypted packet looks suspicious, but that does not
> have to be connected to the problem.
Indeed. It only effects the lising and I will fix it in the next release.
> Just upgrading everybody to 1.0.4 does not seem reasonable. I also fear that
> there might be interoperability problems with, e.g., PGP.
Not if you have the latest PGP (7) - I checked with the PGP developers that MDC works for both of us. As workaround I can suggest to add disable-cipher-algo RIJNDAEL disable-cipher-algo TWOFISH to the options file of gpg 1.0.4. Or foce the use of one cipher without caring about any preferences by using: cipher-algo cast5 IIRC, there is something about it in the FAQ. For security reasons, I'd suggest to upgrade to 1.0.4 anyway. Hth, Werner -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to