Serpent Support

David Shaw dshaw@jabberwocky.com
Sat Feb 23 03:29:01 2002


On Fri, Feb 22, 2002 at 05:28:21PM -0800, Emilio Silva wrote:

> 1) Are there any plans to include Serpent support in Gnupg ?The large
> security margin of the cipher,the conservatism in its design and the good
> reputation of the people who created it,assure added value to GnuPG.

To do this, Serpent must first be added to the OpenPGP spec.  It does
little good to add it to GnuPG if other OpenPGP compatible programs
can't use it as well.

> 2) When conventionally (-c) encrypting using twofish PGP 7.0.3 can?t recognize
> the passphrase (wrong passphrase...) ,I added --s2k-digest-algo sha1 (the hash
> algorithm used by PGP 7.0.3) and the same happend.Using rijndael,cast5,3des all
> works well.What?s the problem?I use GnuPG 1.0.6.

Hmm.  Try adding the "--openpgp" option as well.  I suspect MDC
packets.

> 3)Using conventional encryption "the key is derived from the passphrase"(Gnupg
> handbook) but the exact procedure is not specified.I get two different encrypted 
> outputs encrypting with the same file,passphrase,options and algorithms.How 
> exactly does this work? (In conventional encryption).

See section 3.7 of RFC2440:

   String-to-key (S2K) specifiers are used to convert passphrase
   strings into symmetric-key encryption/decryption keys.

It gives lots of detail exactly how this works.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson