Session Key Questions

Vlad "SATtva" Miller sattva at
Tue Oct 21 17:28:55 CEST 2008

Kevin Hilton (21.10.2008 21:48):
>> Depends on what algorithm you're using for the symmetric cipher.  A 128-bit cipher gets a 128-bit session key, a 256-bit cipher gets a 256-bit session key.  The only exception might be 3DES, which >technically requires a 192-bit session key, but since only 168 bits get used, there could be some discrepancy there.
>>> When the session key is randomly generated (asymmetric encryption),
>>> how large is the session key?  Is the length set or does it depend on
>>> other parameter such as the length of the DSA/RSA key or hash?
>> It is the key size of your symmetric cipher.  So AES256 == 256 bits, AES128
>> == 128 bits, etc.
> Thanks for rapid response -- I guess I'm missing out on some of the
> more basic details.  Just a quick followup.  If I'm planning on using
> gpg to symmetrically encrypt a file for example, and choose a
> password.  This password is salted and hashed.  Say for theoretical
> reasons SHA512 was used to perform the hashing producing a 512 bit
> hash result.  Would then hash then be rounded, or the right most bits
> excluded if it were to used with AES encryption (which requires a 128

Extra bits will be discarded from the hash function output.

> bit key)?  In the opposite situation, say SHA1 produced a 160 bit hash
> result and I wanted to use AES256 (which requires a 256 bit key) --
> would "extra bits" be added onto the hash result to pad the results up
> to 256 bits?

If the hash output is not enough, then extra 0x00 byte will be added to
your passphrase and hashed again to produce additional and different
hashing output. If even this isn't enough, then two 0x00 bytes will be
added and hashed again, and so on.

> Using the defaults as provided in the standard gpg.conf file -- what
> hash is used in the normal salting/hashing process during symmetric
> encryption?  I dont believe this is the s2k-digest-algo since this is
> for key protection.

Nevertheless, it is s2k-digest-algo, which is used for *all* passphrase
crunching operations.

SATtva | security & privacy consulting |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 513 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20081021/d043f0c6/attachment.pgp>

More information about the Gnupg-users mailing list