gnupg 1.0.4 <-> 1.0.0 interoperability problem

Peter Bloecher (EED) Peter.Bloecher@eed.ericsson.se
Wed, 13 Dec 2000 16:50:01 +0100


Hello Werner (CC all),

Werner Koch wrote:


> Is it the case that the keys of the people using 1.0.0 have neen
> generated with 1.0.4? Than it is pretty ovious what happens:
Not really. I think I actually did that for the example, but the key of the person who encountered the problem was definitely generated with 1.0.0 (since they do not have 1.0.4, which is why we have the problem).
>
> > Calling gpg 1.0.4 with --list-packets gives
>
> > :encrypted data packet:
> > length: 4294967295
> > mdc_method: 2
>
> Since 1.0.3, keys generated with gpg are created with preferences to
> TWOFISH (and AES since 1.0.4) and that also means that they have the
> capability to use the new MDC encryption method. This will go into
> OpenPGP soon and is also suppoted by PGP 7. This new method avoids
> a (not so new) attack on all email encryption systems.
>
> The NEWS for 1.0.3 tell you that there is an incompatibility.
Sorry for not reading that. I dug around for a while in the newsgroup and the BUG list.
>
> > The length field of the encrypted packet looks suspicious, but that does not
> > have to be connected to the problem.
>
> Indeed. It only effects the lising and I will fix it in the next
> release.
Fine.
>
> > Just upgrading everybody to 1.0.4 does not seem reasonable. I also fear that
> > there might be interoperability problems with, e.g., PGP.
>
> Not if you have the latest PGP (7) - I checked with the PGP
> developers that MDC works for both of us.
If I decode this correctly: The problem is caused by pgp 1.0.4 using an encryption method (?) called MDC, which is not supported by 1.0.0. Correct? For some reason, that method was used even when I encrypted with a key that was generated with gpg 1.0.0. Right? [The preferences for that key are: S10 S4 S3 H3 H2 Z2 Z1]
>
> As workaround I can suggest to add
>
> disable-cipher-algo RIJNDAEL
> disable-cipher-algo TWOFISH
>
> to the options file of gpg 1.0.4. Or foce the use of one cipher
> without caring about any preferences by using:
>
> cipher-algo cast5
That seems to work. Thanks a lot for your help. (and I will continue to ask the other people to upgrade ;-) )
>
> IIRC, there is something about it in the FAQ. For security reasons,
> I'd suggest to upgrade to 1.0.4 anyway.
I did not find anything in the FAQ. Best regards, /Peter -- Peter Bloecher, Ericsson Research Speech & Signal Processing Ericsson Eurolab Deutschland GmbH Tel: +49 911 5217-307 Nordostpark 12 Fax: +49 911 5217-961 D-90411 Nuernberg mailto:Peter.Bloecher@eed.ericsson.se -- Archive is at http://lists.gnupg.org - Unsubscribe by sending mail with a subject of "unsubscribe" to gnupg-users-request@gnupg.org