Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.security.pgp.discuss > #54 > unrolled thread
| Started by | Jeffrey Goldberg <nobody@goldmark.org> |
|---|---|
| First post | 2011-05-26 00:52 -0500 |
| Last post | 2011-07-09 02:41 -0500 |
| Articles | 13 — 7 participants |
Back to article view | Back to comp.security.pgp.discuss
This discussion starts older than the indexed window; earlier articles aren't shown. The article labeled Started by
below is the oldest one visible, not the original post.
Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-05-26 00:52 -0500
Re: GPG Question on Symmetric Key Input Globemaker <alanfolmsbee@cabanova.com> - 2011-05-26 05:01 -0700
Re: GPG Question on Symmetric Key Input Bohgosity BumaskiL <brewhaha@freenet.edmonton.ab.ca> - 2011-06-23 03:17 -0600
Re: GPG Question on Symmetric Key Input Globemaker <alanfolmsbee@cabanova.com> - 2011-06-27 20:07 -0700
Re: GPG Question on Symmetric Key Input "David W. Hodgins" <dwhodgins@nomail.afraid.org> - 2011-06-28 03:11 -0400
Re: GPG Question on Symmetric Key Input Fritz Wuehler <fritz@spamexpire-201106.rodent.frell.theremailer.net> - 2011-06-29 12:47 +0200
Re: GPG Question on Symmetric Key Input Globemaker <alanfolmsbee@cabanova.com> - 2011-08-19 04:36 -0700
Re: GPG Question on Symmetric Key Input Otto Sykora <bggbflxben@tzk.pu> - 2011-08-28 13:22 +0200
Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-08-31 12:48 -0500
Re: GPG Question on Symmetric Key Input "Thor Kottelin" <thor@anta.net> - 2011-09-01 00:18 +0300
Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-09-01 13:29 -0500
Re: GPG Question on Symmetric Key Input Bohgosity BumaskiL <brewhaha@freenet.edmonton.ab.ca> - 2011-06-30 00:32 -0600
Re: GPG Question on Symmetric Key Input Jeffrey Goldberg <nobody@goldmark.org> - 2011-07-09 02:41 -0500
| From | Jeffrey Goldberg <nobody@goldmark.org> |
|---|---|
| Date | 2011-05-26 00:52 -0500 |
| Subject | Re: GPG Question on Symmetric Key Input |
| Message-ID | <94684jF3lbU1@mid.individual.net> |
[follow-up set to comp.security.pgp.discuss] On 11-05-25 11:55 PM, Globemaker wrote: > I have searched the documentation but there is no mention of how I can > set the AES-128 key to be one I choose. I want my key to be hex 0x0000 > 0000 0000 0000 0000 0000 0000 0000 > GPG generates keys, but how can I input a key of all 128 bits of > zeros? Last I checked, GPG does not allow this. You give it a passphrase and it generates the key from that. > I do not want GPG to make a key for me, I want GPG to accept a key > that I specify. Is that disallowed? Seems so. > Where in the documentation does it explain how to enter a symmetric key of my choice? It's open source so you can modify it yourself. Or you can find another tool. But you might have more luck asking in the appropriate place. comp.security.pgp.discuss would be a far better place to get answers. I've set followups there. Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
[toc] | [next] | [standalone]
| From | Globemaker <alanfolmsbee@cabanova.com> |
|---|---|
| Date | 2011-05-26 05:01 -0700 |
| Message-ID | <8415d78c-6208-463a-826a-a5ed707ebd87@n10g2000yqf.googlegroups.com> |
| In reply to | #54 |
On May 26, 1:52 am, Jeffrey Goldberg <nob...@goldmark.org> wrote: > [follow-up set to comp.security.pgp.discuss] > > On 11-05-25 11:55 PM, Globemaker wrote: > > > I have searched the documentation but there is no mention of how I can > > set the AES-128 key to be one I choose. I want my key to be hex 0x0000 > > 0000 0000 0000 0000 0000 0000 0000 > > GPG generates keys, but how can I input a key of all 128 bits of > > zeros? > > Last I checked, GPG does not allow this. You give it a passphrase and it > generates the key from that. > > > I do not want GPG to make a key for me, I want GPG to accept a key > > that I specify. Is that disallowed? > > Seems so. > > > Where in the documentation does it explain how to enter a symmetric key of my choice? > > It's open source so you can modify it yourself. Or you can find another > tool. But you might have more luck asking in the appropriate place. > > comp.security.pgp.discuss would be a far better place to get answers. > I've set followups there. > > Cheers, > > -j > > -- > Jeffrey Goldberg http://goldmark.org/jeff/ > I rarely read HTML or poorly quoting posts > Reply-To address is valid Thank you Jeffrey. I also concluded that it is not allowed to input a symmetric key into GPG. I tried it last year and this year my searches showed that other people also could not control the key bits. OpenSSL does provide this capability. In sci.crypt it is appropriate to discuss THE REASON for designing GPG with that "feature" which is not mentioned in the documentation. One can speculate several altruistic or sinister REASONS that the key is untouchable. Here is a list: 1 Requiring a password to generate a key helps the goon squads to guess the key. 2 Keys are too important to let stupid people mishandle them. 3 Symmetric keys are more powerful than asymmetric and goons are preventing cascading encipherments. 4 It's for the children, the happy ones, to be insulated from tedious operations, to use short passwords that are easy to remember and easy to write on little papers to stick on the monitor. 5 Export permission from Commerce for GPG is easy to get if the Gnu staff compromises on security.
[toc] | [prev] | [next] | [standalone]
| From | Bohgosity BumaskiL <brewhaha@freenet.edmonton.ab.ca> |
|---|---|
| Date | 2011-06-23 03:17 -0600 |
| Message-ID | <96gel5F70vU1@mid.individual.net> |
| In reply to | #55 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 GPG and PGP use a hash on the symmetric key you enter, because the hash contains more entropy: It is always 128 bits of enhanced randomness, so the best reason for hashing your keystrokes is because people are not always very creative with their pass-phrases. Phil Zimmerman coined that term, because even after he did the work of hashing pass-phrases, he wasn't convinced that people would always come up with sixteen letterz for their security, AND it was hard to prove that hashing a key was effective against short or sloppy symmetric keys. I imajin that you want to use a key with all zeros to test the symmetric encryption method. Well...your final analysis should include the effect of hashing your zeros. _______ http://ecn.ab.ca/~brewhaha/ BrewJay's Babble Bin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQCVAwUBTgMEjR47apzXdID2AQJIBwP+K/z8fgdmspRcvWNvlepNigk8MIbv6GDd o+GqWs8DTQ2WvjA+4pdh992SfpVqrXOAhyAezQ9KrJ/CmUCX3cri5Rv3LkHUN3Sw dpR6K1xMbbettoJx9Lo9fCmm2iOgWEQyHd4irG9Xxs+AsOXuIVe2sPOxi5ayrLc+ 7YuQrdxgbxg= =g9wJ -----END PGP SIGNATURE-----
[toc] | [prev] | [next] | [standalone]
| From | Globemaker <alanfolmsbee@cabanova.com> |
|---|---|
| Date | 2011-06-27 20:07 -0700 |
| Message-ID | <c4033f9f-f9dc-488b-a216-726e822a2047@q17g2000vby.googlegroups.com> |
| In reply to | #69 |
On Jun 23, 5:17 am, Bohgosity BumaskiL <brewh...@freenet.edmonton.ab.ca> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > GPG and PGP use a hash on the symmetric key you enter, > > because the hash contains more entropy: It is > always 128 bits of enhanced randomness, so the > best reason for hashing your keystrokes is because > people are not always very creative with their > pass-phrases. Phil Zimmerman coined that term, > because even after he did the work of hashing > pass-phrases, he wasn't convinced that people > would always come up with sixteen letterz for > their security, AND it was hard to prove that > hashing a key was effective against short or > sloppy symmetric keys. > > I imajin that you want to use a key with all > zeros to test the symmetric encryption method. > Well...your final analysis should include the > effect of hashing your zeros. > _______http://ecn.ab.ca/~brewhaha/BrewJay's Babble Bin > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.2 (MingW32) > Comment: Using GnuPG with Mozilla -http://enigmail.mozdev.org/ > > iQCVAwUBTgMEjR47apzXdID2AQJIBwP+K/z8fgdmspRcvWNvlepNigk8MIbv6GDd > o+GqWs8DTQ2WvjA+4pdh992SfpVqrXOAhyAezQ9KrJ/CmUCX3cri5Rv3LkHUN3Sw > dpR6K1xMbbettoJx9Lo9fCmm2iOgWEQyHd4irG9Xxs+AsOXuIVe2sPOxi5ayrLc+ > 7YuQrdxgbxg= > =g9wJ > -----END PGP SIGNATURE----- Thank you for mentioning the hash step. My conclusion is that the hashed password value is not accessible to me or any user from the menus. If the symmetric key is a hashed password, it is no better than a password. The hash is easy to duplicate. Bad passwords : 123456, password, secret, etc. always hash into the same symmetric key. GPG seems to prevent users from seeing the symmetric key or setting the key. Only passwords are used to hash to set the key. This is weak crypto. It is compromised. Correct me if there is a way to input a 128 bit key directly into GPG AES. I believe there is no menu item to define a 128 bit key for symmetric ciphers. That is bad quality crypto. It is weak so it can be broken easily by NSA, etc. But it is strong enough to fool my little sister or script kiddies.
[toc] | [prev] | [next] | [standalone]
| From | "David W. Hodgins" <dwhodgins@nomail.afraid.org> |
|---|---|
| Date | 2011-06-28 03:11 -0400 |
| Message-ID | <op.vxrx9znda3w0dxdave@hodgins.homeip.net> |
| In reply to | #70 |
On Mon, 27 Jun 2011 23:07:39 -0400, Globemaker <alanfolmsbee@cabanova.com> wrote: >> GPG and PGP use a hash on the symmetric key you enter, > Thank you for mentioning the hash step. My conclusion is that the > hashed password value is not accessible to me or any user from the > menus. If the symmetric key is a hashed password, it is no better than > a password. The hash is easy to duplicate. Bad passwords : 123456, How do you figure the hash is easy to duplicate? Regards, Dave Hodgins -- Change nomail.afraid.org to ody.ca to reply by email. (nomail.afraid.org has been set up specifically for use in usenet. Feel free to use it yourself.)
[toc] | [prev] | [next] | [standalone]
| From | Fritz Wuehler <fritz@spamexpire-201106.rodent.frell.theremailer.net> |
|---|---|
| Date | 2011-06-29 12:47 +0200 |
| Message-ID | <6270bd9d83b002c4f9729fb9b88f0a26@msgid.frell.theremailer.net> |
| In reply to | #71 |
Didn't see the original post so... > >> GPG and PGP use a hash on the symmetric key you enter, For what? Not the session key, that's randomly generated for each message. If you are talking about using pure symmetric crypto with PGP then that is also wrong, in that case there is no session key saved anywhere, it has no choice but to use the exact passphrase you use. The hash is on the message itself so it can be verified when you supply the correct key! > > Thank you for mentioning the hash step. My conclusion is that the > > hashed password value is not accessible to me or any user from the > > menus. If the symmetric key is a hashed password, it is no better than > > a password. The hash is easy to duplicate. Bad passwords : 123456, The *passphrase* is an iterated hash of the password. If you have questions on exactly how it's done you should ask on those mailing lists instead of posting incorrect information as gospel. The gpg method should protect against precalculating hashes for common passphrases but even if that didn't work, the passphrase is useless without the private key. The basis of using PGP or GPG securely is keeping your private key secure. Then your passphrase is meaningless. I rarely use passphrases because they're not worth it for my threat model. If you are worried about people getting your private key then you have bigger problems than I do. > How do you figure the hash is easy to duplicate? Not to speak for the OP but the men in black and other motivated attackers mmaintain large lists of common words and phrases and their hash values in all the commonly deployed hashes so they can work backwards much more quickly. They don't so much duplicate hashes as much as they have all the possible hash values for given words and phrases ready to look up.
[toc] | [prev] | [next] | [standalone]
| From | Globemaker <alanfolmsbee@cabanova.com> |
|---|---|
| Date | 2011-08-19 04:36 -0700 |
| Message-ID | <e5c25171-69c0-4cfa-abb8-6bfb1140c7cc@t7g2000vbv.googlegroups.com> |
| In reply to | #72 |
On Jun 29, 6:47 am, Fritz Wuehler <fr...@spamexpire-201106.rodent.frell.theremailer.net> wrote: > Didn't see the original post so... > > > >> GPG and PGP use a hash on the symmetric key you enter, > > For what? Not the session key, that's randomly generated for each > message. If you are talking about using pure symmetric crypto with PGP then > that is also wrong, in that case there is no session key saved anywhere, it > has no choice but to use the exact passphrase you use. The hash is on the > message itself so it can be verified when you supply the correct key! > > > > Thank you for mentioning the hash step. My conclusion is that the > > > hashed password value is not accessible to me or any user from the > > > menus. If the symmetric key is a hashed password, it is no better than > > > a password. The hash is easy to duplicate. Bad passwords : 123456, > > The *passphrase* is an iterated hash of the password. If you have questions > on exactly how it's done you should ask on those mailing lists instead of > posting incorrect information as gospel. The gpg method should protect > against precalculating hashes for common passphrases but even if that didn't > work, the passphrase is useless without the private key. The basis of using > PGP or GPG securely is keeping your private key secure. Then your passphrase > is meaningless. I rarely use passphrases because they're not worth it for my > threat model. If you are worried about people getting your private key then > you have bigger problems than I do. > > > How do you figure the hash is easy to duplicate? > > Not to speak for the OP but the men in black and other motivated attackers > mmaintain large lists of common words and phrases and their hash values in > all the commonly deployed hashes so they can work backwards much more > quickly. They don't so much duplicate hashes as much as they have all the > possible hash values for given words and phrases ready to look up. OP Globemaker sender says: Thank you all for answering. No response gave me a way to enter a 128 bit key for AES encryption in GPG. I conclude that GPG has no menu for me to specify a specific 128 bit key for AES to use to encrypt a message. GPG only allows a password to be a seed to create a 128 bit key that I can never see. I am criticizing GPG for this reason. It is compromised.
[toc] | [prev] | [next] | [standalone]
| From | Otto Sykora <bggbflxben@tzk.pu> |
|---|---|
| Date | 2011-08-28 13:22 +0200 |
| Message-ID | <fm8k57hqi0lroh1t4dbrk5c0gfg7p7efbp@4ax.com> |
| In reply to | #79 |
>I can never see. I am criticizing GPG for this reason. It is compromised.< hmmm, what do you mean by compromized? The fact that there is no way to use self made symetric keys does not mean anything about compromizing. gpg is not a software meant for such trivial use. as stated above, symetric keys are one time use items and need not to be stored, presented or entered in any case. To handle them you need the asymetric part of gpg to make any use of it.
[toc] | [prev] | [next] | [standalone]
| From | Jeffrey Goldberg <nobody@goldmark.org> |
|---|---|
| Date | 2011-08-31 12:48 -0500 |
| Message-ID | <9c7af2F1ktU1@mid.individual.net> |
| In reply to | #79 |
On 11-08-19 6:36 AM, Globemaker wrote: > I conclude that GPG has no menu for me to specify a specific 128 bit > key for AES to use to encrypt a message. GPG only allows a password > to be a seed to create a 128 bit key that I can never see. That is correct. PGP/GnuPG are designed for real world secure communication and encryption, not a tool chest for playing with algorithms. > I am criticizing GPG for this reason. It is compromised. It also doesn't make toast. Therefore it is completely broken. Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
[toc] | [prev] | [next] | [standalone]
| From | "Thor Kottelin" <thor@anta.net> |
|---|---|
| Date | 2011-09-01 00:18 +0300 |
| Message-ID | <3zx7q.72761$mX5.62382@uutiset.elisa.fi> |
| In reply to | #81 |
"Jeffrey Goldberg" <nobody@goldmark.org> wrote in message news:9c7af2F1ktU1@mid.individual.net... > On 11-08-19 6:36 AM, Globemaker wrote: >> I am criticizing GPG for this reason. It is compromised. > > It also doesn't make toast. Not even if you place a slice of bread on the keyboard of a ten year old laptop, make GPG crunch out a 8192-bit key and close the lid overnight? -- Thor Kottelin http://www.anta.net/
[toc] | [prev] | [next] | [standalone]
| From | Jeffrey Goldberg <nobody@goldmark.org> |
|---|---|
| Date | 2011-09-01 13:29 -0500 |
| Message-ID | <9ca19eFiboU1@mid.individual.net> |
| In reply to | #83 |
On 11-08-31 4:18 PM, Thor Kottelin wrote: > "Jeffrey Goldberg" <nobody@goldmark.org> wrote in message > news:9c7af2F1ktU1@mid.individual.net... >> On 11-08-19 6:36 AM, Globemaker wrote: > >>> I am criticizing GPG for this reason. It is compromised. >> >> It also doesn't make toast. > > Not even if you place a slice of bread on the keyboard of a ten year old > laptop, make GPG crunch out a 8192-bit key and close the lid overnight? Fair enough. But it would burn the toast, in which case I have to say that it doesn't make toast well. So it is still completely broken. Broken I say! Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
[toc] | [prev] | [next] | [standalone]
| From | Bohgosity BumaskiL <brewhaha@freenet.edmonton.ab.ca> |
|---|---|
| Date | 2011-06-30 00:32 -0600 |
| Message-ID | <972jl9F6hdU1@mid.individual.net> |
| In reply to | #70 |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2011-06-27 9:07 PM, Globemaker wrote: > On Jun 23, 5:17 am, Bohgosity BumaskiL > <brewh...@freenet.edmonton.ab.ca> wrote: > GPG and PGP use a hash on the symmetric key you enter, > > because the hash contains more entropy: It is > always 128 bits of enhanced randomness, so the > best reason for hashing your keystrokes is because > people are not always very creative with their > pass-phrases. Phil Zimmerman coined that term, > because even after he did the work of hashing > pass-phrases, he wasn't convinced that people > would always come up with sixteen letterz for > their security, AND it was hard to prove that > hashing a key was effective against short or > sloppy symmetric keys. > > I imajin that you want to use a key with all > zeros to test the symmetric encryption method. > Well...your final analysis should include the > effect of hashing your zeros. > _______ > http://ecn.ab.ca/~brewhaha/BrewJay's Babble Bin > Thank you for mentioning the hash step. My > conclusion is that the > hashed password value is not accessible to > me or any user from the > menus. > If the symmetric key is a hashed password, > it is no better than > a password. The hash is easy to duplicate. > Bad passwords : 123456, > password, secret, etc. always hash into the > same symmetric key. 1. Hash words, in the same manner az PGP, like "secret". 2. If your hash matches the symmetric key, then you've cracked it. 3. Code is probably out there to apply "crack" to PGP. Symmetric cryptography is never stronger than a user's pass-phrase. Few people use symmetric cryptography: gpg -c That is why it was hard for Zimmerman to prove that hashing a symmetric key was an improvement. I see nothing that anyone can do about weak pass-phrases, other than making a computer demand a strong one, or at least rate strength. Symmetric cryptography is never stronger than a pass-phrase. OTOH, if we talk about public key crypto, an attacker haz to get both a private key, and a pass-phrase. In that case, a symmetric key will be extremely random, and it will be encrypted with a public key. > GPG > seems to prevent users from seeing the symmetric > key or setting the key. Only passwords are used to > hash to set the key. This is weak > crypto. It is compromised. Correct me if there > is a way to input a 128 > bit key directly into GPG AES. I believe there > is no menu item to > define a 128 bit key for symmetric ciphers. That > is bad quality > crypto. It is weak so it can be broken easily > by NSA, etc. But it is > strong enough to fool my little sister or script > kiddies. (remind me to find something to re-format quoted text before enigmail signs it) I do not see how using clear pass-phrases can be any stronger than hashed pass-phrases. What you are saying haz nothing to do with weak crypto: More entropy is in keys being used to encrypt a message. If you could enter a pass-phrase without a hash, then you could still apply crack to it. It would run twice az long, because it would hav to test against both hashed and unhashed pass-phrases. In the end, I see no compelling reason to enable unhashed pass-phrases in symmetric crypto. _______ A soldier who survived mustard gas and pepper spray is now a seasoned veteran. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQCVAwUBTgwYgR47apzXdID2AQIb+AP+MdmSoY0tx/pHHZriUKgKAdXrKZFyQGOH srnzcu4Xj/1Wqw9ws/m9BWPh80Sxxt0d4+cNVp4DTReGjF6m6dPDB6h3BuYM13Rh 6Khh0RWRVjEZJeGswtYFs2bnVBpgA05HAdyXu4Tr0BlBYRiPU1hftTrXZO0BXyZ1 4OO7n7vsJ8E= =kX/J -----END PGP SIGNATURE-----
[toc] | [prev] | [next] | [standalone]
| From | Jeffrey Goldberg <nobody@goldmark.org> |
|---|---|
| Date | 2011-07-09 02:41 -0500 |
| Message-ID | <97qf1gFvjmU1@mid.individual.net> |
| In reply to | #55 |
On 11-05-26 7:01 AM, Globemaker wrote: > In sci.crypt it is appropriate to discuss THE REASON for designing GPG > with that "feature" which is not mentioned in the documentation. One > can speculate several altruistic or sinister REASONS that the key is > untouchable. Here is a list: > 2 Keys are too important to let stupid people mishandle them. This is one of the reasons that crypto systems use key derivation functions. They are to go from the kinds of things that can live and people's heads (and be typed in) to the 128 bit numbers that the actual encryption uses. I haven't looked at the source, but a quick bit of googling tells me that GPG uses PBKDF2 as a key derivation function. The purpose of things like PBKDF2 is to make the process of going from a pass phrase to the key computationally expensive (say taking 200ms). 200ms isn't going to bother a user typing in their pass phrase but it does slow down automated password crackers. I describe PBKDF2 (as used in a different tool) fairly vaguely for a general audience here: http://blog.agilebits.com/2011/05/defending-against-crackers-peanut-butter-keeps-dogs-friendly-too/ If you want more details you can read the Wikipedia article on it or even the relevant RFCs. http://en.wikipedia.org/wiki/PBKDF2 GnuPG/PGP is meant as a tool to help you keep things secret. If you want a toolset for playing with encryption algorithms, they you will need to look elsewhere. Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
[toc] | [prev] | [standalone]
Back to top | Article view | comp.security.pgp.discuss
csiph-web