Patch add support for different algorithms in the agent private key storage

Robert J. Hansen rjh at
Thu Feb 21 02:39:18 CET 2013

On 02/20/2013 08:23 PM, Robert J. Hansen wrote:
> The current best attack on AES-256 maxes out at 11 rounds; the full
> AES-256 has 14 rounds.

Doing a little more research, I found a theoretical attack on the full
-256 and -192; I was wrong to say the current best attack only worked on
a reduced-round variant.  The new hotness is a related-key attack,
wherein the attacker chooses two keys and a relationship between them
and uses that to attack the full cipher.  It's definitely an exotic:
that sort of condition is unlikely to occur in the real world,
especially in GnuPG where AES is used for randomly-generated session
keys -- there's no relationship between them to be exploited.

Still, I was incorrect to say the best attack is on a reduced-round
variant.  Mea culpa.  :)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130220/0d2836cf/attachment.pgp>

More information about the Gnupg-users mailing list