Re: XML signature HMAC truncation authentication bypass

2009-07-29 Thread Bill Stewart
At 05:11 PM 7/27/2009, Jon Callas wrote: By the way, do you think it's safe to phase out MD5? That will break all the PGP 2 users. Depends - if you're only replacing it with SHA-1, it's probably not worthwhile. And if you're breaking things anyway, might as well replace most of the

Re: XML signature HMAC truncation authentication bypass

2009-07-28 Thread Jon Callas
On Jul 26, 2009, at 10:31 PM, Peter Gutmann wrote: Jon Callas j...@callas.org writes: You are of course correct, Peter, but are you saying that we shouldn't do anything? Well, I think it's necessary to consider the tradeoffs, if you don't know the other side's capabilities then it's a

Re: XML signature HMAC truncation authentication bypass

2009-07-28 Thread Peter Gutmann
Jon Callas j...@callas.org writes: Okay, password-protected files would get it, too. I won't ask why you're sending password protected files to an agent. They're not technically password-protected files but pre-shared key (PSK) protected files, where the keys have a high level of entropy

Re: XML signature HMAC truncation authentication bypass

2009-07-27 Thread Peter Gutmann
Jon Callas j...@callas.org writes: You are of course correct, Peter, but are you saying that we shouldn't do anything? Well, I think it's necessary to consider the tradeoffs, if you don't know the other side's capabilities then it's a bit risky to assume that they're the same as yours. You are

Re: XML signature HMAC truncation authentication bypass

2009-07-26 Thread Peter Gutmann
Jon Callas j...@callas.org writes: On Jul 17, 2009, at 8:39 PM, Peter Gutmann wrote: PGP Desktop 9 uses as its default an iteration count of four million (!!) for its password hashing, which looks like a DoS to anything that does sanity-checking of input. That's precisely what it is -- a

Re: XML signature HMAC truncation authentication bypass

2009-07-26 Thread Jon Callas
Where this falls apart completely is when there are asymmetric capabilities across sender and receiver. You are of course correct, Peter, but are you saying that we shouldn't do anything? I don't believe that we should roll over and die. We should fight back, even if the advantage is to

Re: XML signature HMAC truncation authentication bypass

2009-07-20 Thread Jon Callas
On Jul 17, 2009, at 8:39 PM, Peter Gutmann wrote: PGP Desktop 9 uses as its default an iteration count of four million (!!) for its password hashing, which looks like a DoS to anything that does sanity-checking of input. That's precisely what it is -- a denial of service to password

Re: XML signature HMAC truncation authentication bypass

2009-07-19 Thread Peter Gutmann
Leandro Meiners lmein...@gmail.com quotes: For example, by specifying an HMACOutputLength of 1, only one bit of the signature is verified. This can allow an attacker to forge an XML signature that will be accepted as valid. This excessive generality is a serious problem in way too many crypto