Session Key Questions

Vlad "SATtva" Miller sattva at pgpru.com
Tue Oct 21 18:00:51 CEST 2008


Kevin Hilton (21.10.2008 22:52):
>> If the hash output is not enough, then extra 0x00 byte will be added to
>> your passphrase and hashed again to produce additional and different
>> hashing output. If even this isn't enough, then two 0x00 bytes will be
>> added and hashed again, and so on.
> 
> 
> Ok -- so just some points of clarification.  What is the default
> s2k-digest-algo?  Lets say its SHA1 or for the point of argument I set
> it to be SHA1.  SHA1 always produces 160 bit resultants.  Say I want
> to use the AES256 cipher.  If I am understanding what has been
> reported previously, this requires a 256 bit key.  If the process you
> described above works, wouldn't a 160 bit hash always be produced?
> Just to clarify in my own mind your process --  If the hash output is
> not enough and an extra 0x00 byte (which I think you are telling me
> 0x00 = 256 0 bits) is added to the passphrase and then rehashed with
> SHA1 - wouldn't another 160 bit hash be produced again?  How would a
> 256 bit hash ever be produced is the SHA1 hash was always used.

Just use both processes one after another: first produce two SHA-1
hashes which will give you 320 bits of output, then take first 256 bits
for the key and discard what's left.

> Thanks -- I have a feeling I'm getting off in left field here and
> missing some understanding of some basic concepts.

-- 
SATtva | security & privacy consulting
www.vladmiller.info | www.pgpru.com


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 513 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20081021/3c9f477f/attachment-0001.pgp>


More information about the Gnupg-users mailing list