decryption failed: weak key
Johan Wevers
johanw at vulcan.xs4all.nl
Fri Oct 1 19:24:28 CEST 2004
Michael Roth wrote:
>No. If you take a look in g10/des.c you will find a table containing all
>64 known weak keys (search for "weak_key"). If gnupg creates a session
>key, it omits weak keys (take a look in g10/seskey.c, make_session_key).
I can understand that it doesn't encrypt to them, but why would it not
decrypt with them? I can't see any security risk in that.
And I too would like to know what application used that weak key. If it
wasn't done deliberately (some implementations allow one to specify the
symmetric key to use) it sounds like a backdoor.
--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw at vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
More information about the Gnupg-users
mailing list