headers
David Shaw | 16 Sep 2003 06:18

Using IDEA in v3-v4 algorithm conflict


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Section 12.1 of the draft says:

   An implementation that is striving for backward compatibility MAY
   consider a V3 key with a V3 self-signature to be an implicit
   preference for IDEA, and no ability to do TripleDES. This is
   technically non-compliant, but an implementation MAY violate the
   above rule in this case only and use IDEA to encrypt the message,
   provided that the message creator is warned. Ideally, though, the
   implementation would follow the rule by actually generating two
   messages, because it is possible that the OpenPGP user's
   implementation does not have IDEA, and thus could not read the
   message. Consequently, an implementation MAY, but SHOULD NOT use
   IDEA in an algorithm conflict with a V3 key.

This is a problem since the method given (even though it is a SHOULD
NOT) doesn't work terribly well in practice as PGP 2.x breaks when it
sees *anything* it doesn't understand in a message.  For example, the
most common OpenPGP encryption (sub)key type is Elgamal.  Trying to be
backwards compatible by using IDEA in an algorithm conflict between a
V3 key and an Elgamal subkey is pointless since PGP 2.x won't be able
to handle the message anyway due to the use of Elgamal.

Some experimentation shows that using IDEA when having a V3<=>V4
algorithm conflict only works if the V4 (sub)key is:

a) RSA
(Continue reading)

Permalink | Reply | 0 comments |
headers
vedaal | 16 Sep 2003 17:15

Re: Using IDEA in v3-v4 algorithm conflict


On Mon, 15 Sep 2003 21:18:05 -0700 David Shaw <dshaw <at> jabberwocky.com>
wrote:

>Trying to be
>backwards compatible by using IDEA in an algorithm conflict between
a
>V3 key and an Elgamal subkey is pointless since PGP 2.x won't be able
>to handle the message anyway due to the use of Elgamal.

>Some experimentation shows that using IDEA when having a V3<=>V4
>algorithm conflict only works if the V4 (sub)key is:

>a) RSA
and
>b) <=2112 bits 

>The above is true for MIT PGP 2.6.2 and PGP 2.6.3ia.  I don't know
>about Disastry's "2.6.3ia-multi05", or any other programs that might
>implement RFC-1991.

it is not a problem at all in Disastry's multi builds, as they accept
all symmetrical algorithms, (and all hashes),

but by default, will encrypt using idea, and sign with md5, unless configured
otherwise, or overriden at the command line
(the -j command added at the end of a command, can specify an ovverride
and use any algorithm and hash)

Disastry's builds are capable of generating keys up to 8k,
(Continue reading)

Permalink | Reply | 501 comments |
headers
David Shaw | 17 Sep 2003 01:20

Re: Using IDEA in v3-v4 algorithm conflict


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, Sep 16, 2003 at 08:15:53AM -0700, vedaal <at> hush.com wrote:

> On Mon, 15 Sep 2003 21:18:05 -0700 David Shaw <dshaw <at> jabberwocky.com>
> wrote:
> 
> >Trying to be
> >backwards compatible by using IDEA in an algorithm conflict between
> a
> >V3 key and an Elgamal subkey is pointless since PGP 2.x won't be able
> >to handle the message anyway due to the use of Elgamal.
> 
> >Some experimentation shows that using IDEA when having a V3<=>V4
> >algorithm conflict only works if the V4 (sub)key is:
> 
> >a) RSA
> and
> >b) <=2112 bits 
> 
> >The above is true for MIT PGP 2.6.2 and PGP 2.6.3ia.  I don't know
> >about Disastry's "2.6.3ia-multi05", or any other programs that might
> >implement RFC-1991.
> 
> it is not a problem at all in Disastry's multi builds, as they accept
> all symmetrical algorithms, (and all hashes),

The issue is unrelated to having sufficient symmetric algorithms, IDEA
(Continue reading)

Permalink | Reply | 501 comments |

Gmane