gnupg 1.0.4 <-> 1.0.0 interoperability problem

Peter Bloecher (EED) Peter.Bloecher@eed.ericsson.se
Wed, 13 Dec 2000 16:50:01 +0100 

Hello Werner (CC all),

Werner Koch wrote:


> Is it the case that the keys of the people using 1.0.0 have neen

> generated with 1.0.4?  Than it is pretty ovious what happens:


Not really. I think I actually did that for the example, but the key of the person
who encountered the problem was definitely generated with 1.0.0 (since they do
not have 1.0.4, which is why we have the problem).


> 

> > Calling gpg 1.0.4 with --list-packets gives

> 

> > :encrypted data packet:

> >         length: 4294967295

> >         mdc_method: 2

> 

> Since 1.0.3, keys generated with gpg are created with preferences to

> TWOFISH (and AES since 1.0.4) and that also means that they have the

> capability to use the new MDC encryption method.  This will go into

> OpenPGP soon and is also suppoted by PGP 7.  This new method avoids

> a (not so new) attack on all email encryption systems.

> 

> The NEWS for 1.0.3 tell you that there is an incompatibility.


Sorry for not reading that. I dug around for a while in the newsgroup and the
BUG list.


> 

> > The length field of the encrypted packet looks suspicious, but that does not

> > have to be connected to the problem.

> 

> Indeed.  It only effects the lising and I will fix it in the next

> release.


Fine.


> 

> > Just upgrading everybody to 1.0.4 does not seem reasonable. I also fear that

> > there might be interoperability problems with, e.g., PGP.

> 

> Not if you have the latest PGP (7) - I checked with the PGP

> developers that MDC works for both of us.


If I decode this correctly: The problem is caused by pgp 1.0.4 using an encryption
method (?) called MDC, which is not supported by 1.0.0. Correct?
For some reason, that method was used even when I encrypted with a key that
was generated with gpg 1.0.0. Right?

[The preferences for that key are:  S10 S4 S3 H3 H2 Z2 Z1]


> 

> As workaround I can suggest to add

> 

> disable-cipher-algo RIJNDAEL

> disable-cipher-algo TWOFISH

> 

> to the options file of gpg 1.0.4.  Or foce the use of one cipher

> without caring about any preferences by using:

> 

> cipher-algo cast5


That seems to work. Thanks a lot for your help.
(and I will continue to ask the other people to upgrade ;-) )


> 

> IIRC, there is something about it in the FAQ.  For security reasons,

> I'd suggest to upgrade to 1.0.4 anyway.


I did not find anything in the FAQ.

Best regards,

/Peter

-- 

Peter Bloecher, Ericsson Research
Speech & Signal Processing
Ericsson Eurolab Deutschland GmbH  Tel: +49 911 5217-307
Nordostpark 12                     Fax: +49 911 5217-961
D-90411 Nuernberg                  mailto:Peter.Bloecher@eed.ericsson.se

-- 
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of  "unsubscribe"  to gnupg-users-request@gnupg.org