Mailing List Archive: GnuPG manual doubt

GnuPG manual doubt

Jan 27, 2000, 3:13 AM

Post #1 of 3 (601 views)

Hi,

while doing the Spanish translation of the manual, I've found something
I'm stack with. For the options s2k-digest-algo and s2k-mode the
synopsis says:

set the message digest algorithm for mangling passphrases

and

sets how passphrases are mangled

It would help me if anyone could give me a brief explanation of it, as I
can't think of the meaning for "mangling" here.

Also, could anyone tell me what does "adding salt to a passphrase" mean?
(the translation of "salt" is ok, just like the element).

TIA

--
Horacio Anno MMDCCLIII ad Urbe condita
homega@ciberia.es Valencia - ESPAÑA
--------------------------------------------------------------------
Key fingerprint = F4EE AE5E 2F01 0DB3 62F2 A9F4 AD31 7093 4233 7AE6

Re: GnuPG manual doubt [ In reply to ]

D.M.Pick at qmw

Jan 27, 2000, 4:00 AM

Post #2 of 3 (594 views)

Permalink

> while doing the Spanish translation of the manual, I've found something
> I'm stack with. For the options s2k-digest-algo and s2k-mode the
> synopsis says:
>
> set the message digest algorithm for mangling passphrases
>
> and
>
> sets how passphrases are mangled
>
> It would help me if anyone could give me a brief explanation of it, as I
> can't think of the meaning for "mangling" here.

The private keys are only stored encrypted. The (symmetric) algorithm used
needs (of course) a key. Using the passphrase directly as a key is not a good
idea because too many bits are related to each other other or by the fact
that the passphrase is encoded in ASCII. Therefore a cryptographic "hash"
of the passphrase is used instead to "mix up" the bits in the passphrase
and generate a good key for the actual encryption. The parameter concerned
gives the user a choice of which cryptographic hash function is used for
this process. Another name for the cryptographic "hash" function is a
"message digest" function, especially when it is used in signatures.

> Also, could anyone tell me what does "adding salt to a passphrase" mean?
> (the translation of "salt" is ok, just like the element).

This refers to the process of adding some random bits to a passphrase
before computing the cryptographic hash. These bits are stored with
the computed hash. This is done so that the same passphrase, when hashed
by different users, does not produce the same hash value - because the
"salt" is different. It's usually implemented by providing and initial
random value for some variable used iteratively during the computation;
I guess the use of the word "salt" is related to its use in the phrase
"salting a mine" for leaving a little gold behind in an otherwise empty
mine for your "sucker" to find so he thinks he's buying something
valuable from you when he's not.

--
David Pick

Re: GnuPG manual doubt [ In reply to ]

jashley at acm

Jan 27, 2000, 4:13 AM

Post #3 of 3 (600 views)

Permalink

The wording being quoted by Horacio comes directly from the gpg manual page.
If someone could post a clarification, in terms of the algorithms being
used, of what it means to "add salt" and "mangle", then Horacio and I could
fix both the English and Spanish versions once and for all.

Mike

----- Original Message -----
From: J Horacio MG <homega@ciberia.es>
To: GPG List <gnupg-users@gnupg.org>
Sent: Thursday, January 27, 2000 5:13 AM
Subject: GnuPG manual doubt

> while doing the Spanish translation of the manual, I've found something
> I'm stack with. For the options s2k-digest-algo and s2k-mode the
> synopsis says:
>
> set the message digest algorithm for mangling passphrases
>
> and
>
> sets how passphrases are mangled
>
> It would help me if anyone could give me a brief explanation of it, as I
> can't think of the meaning for "mangling" here.
>
>
> Also, could anyone tell me what does "adding salt to a passphrase" mean?
> (the translation of "salt" is ok, just like the element).