Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]


Groups > comp.security.pgp.discuss > #74

Re: GPG Question on Symmetric Key Input

From Jeffrey Goldberg <nobody@goldmark.org>
Newsgroups comp.security.pgp.discuss
Subject Re: GPG Question on Symmetric Key Input
Date 2011-07-09 02:41 -0500
Message-ID <97qf1gFvjmU1@mid.individual.net> (permalink)
References <cf00d484-2c54-4210-8fae-2d790f6b5a43@gu8g2000vbb.googlegroups.com> <94684jF3lbU1@mid.individual.net> <8415d78c-6208-463a-826a-a5ed707ebd87@n10g2000yqf.googlegroups.com>

Show all headers | View raw


On 11-05-26 7:01 AM, Globemaker wrote:

> In sci.crypt it is appropriate to discuss THE REASON for designing GPG
> with that "feature" which is not mentioned in the documentation.  One
> can speculate several altruistic or sinister REASONS that the key is
> untouchable. Here is a list:

> 2 Keys are too important to let stupid people mishandle them.

This is one of the reasons that crypto systems use key derivation
functions. They are to go from the kinds of things that can live and
people's heads (and be typed in) to the 128 bit numbers that the actual
encryption uses.

I haven't looked at the source, but a quick bit of googling tells me
that GPG uses PBKDF2 as a key derivation function. The purpose of things
like PBKDF2 is to make the process of going from a pass phrase to the
key computationally expensive (say taking 200ms). 200ms isn't going to
bother a user typing in their pass phrase but it does slow down
automated password crackers.

I describe PBKDF2 (as used in a different tool) fairly vaguely for a
general audience here:

 http://blog.agilebits.com/2011/05/defending-against-crackers-peanut-butter-keeps-dogs-friendly-too/

If you want more details you can read the Wikipedia article on it or
even the relevant RFCs.

 http://en.wikipedia.org/wiki/PBKDF2

GnuPG/PGP is meant as a tool to help you keep things secret. If you want
a toolset for playing with encryption algorithms, they you will need to
look elsewhere.

Cheers,

-j


-- 
Jeffrey Goldberg          http://goldmark.org/jeff/
I rarely read HTML or poorly quoting posts
Reply-To address is valid

Back to comp.security.pgp.discuss | Previous | NextPrevious in thread | Find similar | Unroll thread


Thread

Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-05-26 00:52 -0500
  Re: GPG Question on Symmetric Key Input Globemaker <alanfolmsbee@cabanova.com> - 2011-05-26 05:01 -0700
    Re: GPG Question on Symmetric Key Input Bohgosity BumaskiL <brewhaha@freenet.edmonton.ab.ca> - 2011-06-23 03:17 -0600
      Re: GPG Question on Symmetric Key Input Globemaker <alanfolmsbee@cabanova.com> - 2011-06-27 20:07 -0700
        Re: GPG Question on Symmetric Key Input "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2011-06-28 03:11 -0400
          Re: GPG Question on Symmetric Key Input Fritz Wuehler <fritz@spamexpire-201106.rodent.frell.theremailer.net> - 2011-06-29 12:47 +0200
            Re: GPG Question on Symmetric Key Input Globemaker <alanfolmsbee@cabanova.com> - 2011-08-19 04:36 -0700
              Re: GPG Question on Symmetric Key Input Otto Sykora <bggbflxben@tzk.pu> - 2011-08-28 13:22 +0200
              Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-08-31 12:48 -0500
                Re: GPG Question on Symmetric Key Input "Thor Kottelin" <thor@anta.net> - 2011-09-01 00:18 +0300
                Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-09-01 13:29 -0500
        Re: GPG Question on Symmetric Key Input Bohgosity BumaskiL <brewhaha@freenet.edmonton.ab.ca> - 2011-06-30 00:32 -0600
    Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-07-09 02:41 -0500

csiph-web