decryption failed: weak key

Johan Wevers johanw at vulcan.xs4all.nl
Fri Oct 1 19:24:28 CEST 2004


Michael Roth wrote:

>No. If you take a look in g10/des.c you will find a table containing all
>64 known weak keys (search for "weak_key"). If gnupg creates a session
>key, it omits weak keys (take a look in g10/seskey.c, make_session_key).

I can understand that it doesn't encrypt to them, but why would it not
decrypt with them? I can't see any security risk in that.

And I too would like to know what application used that weak key. If it
wasn't done deliberately (some implementations allow one to specify the
symmetric key to use) it sounds like a backdoor.

-- 
ir. J.C.A. Wevers         //  Physics and science fiction site:
johanw at vulcan.xs4all.nl   //  http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html



More information about the Gnupg-users mailing list