
List:       kde-core-devel
Subject:    Re: Fwd: KWallet weaknesses
From:       Dirk Mueller <mueller () kde ! org>
Date:       2003-12-09 0:09:19

On Monday 08 December 2003 23:10, Werner Koch wrote:

> Either PKCS#5 or the S2K code from OpenPGP.  Here is an implementation
> under the GPL from gnupg-1.9/agent/protect.c derived from gnupg:

This doesn't seem to be self-contained.

> > b) You said that the version numbers will allow replay attacks. Though I
> > don't
> I talked about a rollback attack, that is at one time you change the
> algorithm because a weakness was found in Blowfish and under certain
> conditions an attacker might be able to trick you to use Blowfish
> again even if you are using the modern-ultra-resistant-algorithm.

In such a case we would support the old protocol for importing. As long as we
don't write the old Blowfish, I cannot see how one could possibly perform
such a rollback attack.

> There
> is no immediate need but you should think about it when you allow for
> different algorithms.  BTW, even Schneier is no longer certain of
> his Blowfish; all other modern algorithms have meanwhile been better
> analyzed than Blowfish.

Which one would you recommend?
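The two points in this exchange, a PKCS#5-style passphrase stretching step and a format that is read in its old version but only ever written in the new one, can be sketched together. The following is an added example written for this archive page; it is not KWallet code and the header layout (magic, one version byte, 16-byte salt), the version numbers and the iteration counts are all constructed for illustration.

```python
import hashlib
import os
import struct

# Hypothetical on-disk header, constructed for this example only:
#   4-byte magic | 1-byte format version | 16-byte salt
MAGIC = b"EXWL"
LEGACY_VERSION = 1      # assumed old format (weak stretching)
CURRENT_VERSION = 2     # assumed current format (PBKDF2, many iterations)
SALT_LEN = 16
HEADER_LEN = len(MAGIC) + 1 + SALT_LEN

# Iteration counts per format version (constructed values).
ITERATIONS = {LEGACY_VERSION: 1, CURRENT_VERSION: 100_000}


def derive_key(passphrase: str, salt: bytes, version: int) -> bytes:
    """PKCS#5 PBKDF2-HMAC-SHA256: stretch the passphrase into a 32-byte key.
    The iteration count depends on the format version being read."""
    return hashlib.pbkdf2_hmac(
        "sha256", passphrase.encode("utf-8"), salt, ITERATIONS[version], dklen=32
    )


def parse_header(data: bytes) -> dict:
    """Accept both the legacy and the current version when reading (import)."""
    if len(data) < HEADER_LEN or data[:4] != MAGIC:
        raise ValueError("not a wallet header")
    version = data[4]
    if version not in ITERATIONS:
        raise ValueError(f"unsupported wallet version {version}")
    return {"version": version, "salt": data[5:HEADER_LEN]}


def write_header(salt: bytes) -> bytes:
    """The writer has no version parameter: it can only emit CURRENT_VERSION,
    so a legacy file presented to us can never cause a legacy file to be written."""
    return MAGIC + struct.pack("B", CURRENT_VERSION) + salt


def open_wallet(data: bytes, passphrase: str) -> tuple:
    """Return (version read, derived key, needs_upgrade)."""
    hdr = parse_header(data)
    key = derive_key(passphrase, hdr["salt"], hdr["version"])
    return hdr["version"], key, hdr["version"] != CURRENT_VERSION


def rewrite_wallet(data: bytes, passphrase: str) -> bytes:
    """Re-save a wallet: whatever version came in, the output is the current
    format with a fresh salt and a key derived with the current iteration count."""
    parse_header(data)  # validates the input before we touch it
    new_salt = os.urandom(SALT_LEN)
    derive_key(passphrase, new_salt, CURRENT_VERSION)  # key for the new file
    return write_header(new_salt)


if __name__ == "__main__":
    legacy = MAGIC + bytes([LEGACY_VERSION]) + b"\x01" * SALT_LEN  # constructed
    version, _, needs_upgrade = open_wallet(legacy, "correct horse")
    print(f"read version {version}, upgrade needed: {needs_upgrade}")
    print(f"re-saved as version {parse_header(rewrite_wallet(legacy, 'correct horse'))['version']}")
```

The rollback defence here is structural rather than a runtime check: the reader tolerates the old version for import, but there is simply no code path that writes it, which is the property Dirk describes above.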

