GnuPG manual doubt
Thu, 27 Jan 2000 11:00:06 +0000
> while doing the Spanish translation of the manual, I've found something
> I'm stack with. For the options s2k-digest-algo and s2k-mode the
> synopsis says:
> set the message digest algorithm for mangling passphrases
> sets how passphrases are mangled
> It would help me if anyone could give me a brief explanation of it, as I
> can't think of the meaning for "mangling" here.
The private keys are only stored encrypted. The (symmetric) algorithm used
needs (of course) a key. Using the passphrase directly as a key is not a good
idea because too many bits are related to each other other or by the fact
that the passphrase is encoded in ASCII. Therefore a cryptographic "hash"
of the passphrase is used instead to "mix up" the bits in the passphrase
and generate a good key for the actual encryption. The parameter concerned
gives the user a choice of which cryptographic hash function is used for
this process. Another name for the cryptographic "hash" function is a
"message digest" function, especially when it is used in signatures.
> Also, could anyone tell me what does "adding salt to a passphrase" mean?
> (the translation of "salt" is ok, just like the element).
This refers to the process of adding some random bits to a passphrase
before computing the cryptographic hash. These bits are stored with
the computed hash. This is done so that the same passphrase, when hashed
by different users, does not produce the same hash value - because the
"salt" is different. It's usually implemented by providing and initial
random value for some variable used iteratively during the computation;
I guess the use of the word "salt" is related to its use in the phrase
"salting a mine" for leaving a little gold behind in an otherwise empty
mine for your "sucker" to find so he thinks he's buying something
valuable from you when he's not.