--override-session-key $PASS simple brute force attack vulnerability?

Brian M. Carlson karlsson@hal-pc.org
Mon Jul 15 13:45:02 2002 

--OROCMA9jn6tkzFBc
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Mon, Jul 15, 2002 at 10:55:20AM +0100, john clark wrote:
>=20
> --override-session-key $PASS simple brute force
> attack vulnerability?
>=20
> hi guys,
>=20
> 	Call me naive, but...
>=20
> 	I noticed that on --show-session-key option, the
> structure of the
> session key is composed of the cipher-algo code plus
> lotsa random
> numerals and upper case characters, but no special
> characters.

This is merely some random encoding gpg uses. See below.
=20
> gpg: session key:=20
>                                                      =20
>           =20
> "9:4653465768797E97F6863768674FG464675676689DBFE3SD599B7662D4DF98B1"
>=20
> 	Then there is a possibility to brute force a
> particular
> public-key encrypted message via the session key
> without having the
> secret-key, right?=20

Well, yes. But the amount of effort is not believed to be feasible. If
you can brute force an OpenPGP session key, please tell me how. We will
both be very rich. ;-)

Remember that it took distributed.net how long to break DES (56 bits)?
And they're still working on RC5-64.

But really, if you're getting at what I think you're getting at, let me
stop you right now. The session key is, in reality, 128, 168, 192, or
256 bits long, depending on the algorithm. It is raw bits, encoded as
bytes. However, what you see above is just some other encoding of it, so
that you can type it in at the prompt. Otherwise, if one of those bytes
was 0x10 (LF), then you wouldn't be able to override the session key,
now would you?
=20
> 	And if this is the case, then it's much better to use
> long cipher
> algos like Rijndael256 and Twofish to avoid this risk?

Yes, if you believe such algos are secure. I read somewhere that certain
types of algos (including Rijndael with 256-bit only) have certain
properties in the s-boxes, I think, that made them bad choices. So I
prefer Rijndael 192.

You can see my preferences here:
	Cipher: 3DES, BLOWFISH, CAST5, AES192
	Hash: RIPEMD160, TIGER192, SHA1 (that is a nasty extra SHA1 that
	shouldn't be there)
	Compression: ZLIB, ZIP, Uncompressed
	Features: MDC

--=20
Brian M. Carlson <karlsson@hal-pc.org> <http://decoy.wox.org/~bmc> 0x560553=
E7
You single-handedly fought your way into this hopeless mess.

--OROCMA9jn6tkzFBc
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.1.90 (GNU/Linux)
Comment: Ubi libertas, ibi patria.

iQEVAwUBPTK2COWR/8lWBVPnAQOwbAgAvKHXZZVexABa7JU8F+Fpr5pEtZ2VgNVD
/J96IEjMzmnV2LYO/QMGjQmcU+TTursiFulUGcWl8g6Vxm4VTlIhrlWQ1fWN0grV
rBgXHZaAxo6dWETSi4nquEfE/u8VtztsCOPm02jSaAIpe76hafnUY6b3nw+Qnfkv
u69BIZrlh6M60sIJMwPdqbUUj5VlKh9cKp+wlq0XbZ7dDPu52qGlm6EkUB9BjhPy
8CAaLY0rMMNOqwGlK/xiYMA+KxOMRc0NdMzYt4wj51wwE/xj5Fj9JGazA2qa7VMc
waMRJGzEY8b6l77u0ChpJAN+1v3rhjFm2WQZ8WZKFGkyWnD6eeoL+w==
=GTKd
-----END PGP SIGNATURE-----

--OROCMA9jn6tkzFBc--