Mailing List Archive

Re: Compatibility
On Thu, Apr 13, 2000 at 10:32:46PM +0200, Johan Lundberg wrote:
> On Thu, 13 Apr 2000, L. Sassaman wrote:
>
> >Be sure you are using a cipher that both products can understand. 3DES is
> >the most logical, since it is required by RFC 2440. CAST is the default
> >cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so
> >this is most likely your problem.
>
> So, why does GPG default to something that pgp can't handle?

So why does PGP default to something that GnuPG can't handle?

The point is to be compatible with the spec (the RFC) not with some
commercial software. If some commercial software, any commercial
software, happens to be compliant with the RFC, then interoperability
should be possible. That's one of the reasons for compliance with
standards.

However, I am now curious why the commercial (NAI) PGP doesn't support
open source Blowfish. But, being a commercial endeavor, I suppose I
should not care very much what they (NAI) do or do not support. As long
as GnuPG remains standards-compliant I should be happy. The fact that NAI
chose to make their product noncompliant with the standard (in another
manner) is deplorable (in my opinion.) They are certainly not something
to be emulated.

--
Please (OpenPGP) encrypt all mail whenever possible. Request the following
Public Keys for Lazarus Long <lazarus@overdue.ompages.com>

Type Bits/KeyID Fingerprint DSA KeyID: vvvv vvvv
ElGamal: 2048g/41783186 47A0 0929 CD9F B53E 49C0 F06C 560E F574 ED0D F80C
Re: Compatibility
Hi

>>>>> "JL" == Johan Lundberg <p99jlu@physto.se> writes:

JL> On Thu, 13 Apr 2000, L. Sassaman wrote:
>> PGP does not implement Blowfish, so this is most likely
>> your problem.

JL> So, why does GPG default to something that pgp can't handle?

It's a long story. Blowfish is a fast and secure [so far]
algorithm. You'd have to ask NAI why they don't implement it.

--
\js

SHHHH!! I hear SIX TATTOOED TRUCK-DRIVERS tossing ENGINE BLOCKS
into empty OIL DRUMS..
Re: Compatibility
On Thu, 13 Apr 2000, L. Sassaman wrote:

> Be sure you are using a cipher that both products can understand. 3DES is
> the most logical, since it is required by RFC 2440. CAST is the default
> cipher in PGP, and Blowfish in GnuPG. PGP does not implement Blowfish, so
> this is most likely your problem.

IIRC, PGP 5.0beta something did implement Blowfish and created
preferences to it.


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Thu, 13 Apr 2000, L. Sassaman wrote:

> about 5.x violations. Show me 6.0 non-compliance issues, other than the
> photo-id packet. Please. (And by the way, OpenPGP *is* an emulation of PGP
> Inc.'s product. ;) )

There used to be a signature subpacket with some X.509 data, the
subpacket number was not in the private/experimental range and not
specified by OpenPGP.

> Note, also, that GnuPG does not use DSS by default. The jury is still out
> on the effectiveness of RIPEMD160 in place of SHA-1 when used with DSA. It

Hmmm? just did a simple test without any special options (gpg -s hallo):

$ gpg --list-packets hallo.gpg
:compressed packet: algo=1
:onepass_sig packet: keyid 6C7EE1B8621CC013
    version 3, sigclass 00, digest 2, pubkey 17, last=1
:literal data packet:
    mode b, created 955701015, name="hallo",
    raw data: 6 bytes
:signature packet: algo 17, keyid 6C7EE1B8621CC013
    version 3, created 955701015, md5len 5, sigclass 00
    digest algo 2, begin of digest bf b4
    data: [158 bits]
    data: [160 bits]

digest algo 2 is SHA-1, so it looks very much like DSS; I have to
confess that the GnuPG does not use the recommended procedure for key
generation.



--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Thu, 13 Apr 2000, John Saylor wrote:

> It's a long story. Blowfish is a fast and secure [so far]
> algorithm. You'd have to ask NAI why they don't implement it.

For encryption it is really simple: If you encrypt for a key, an
OpenPGP implementation does an intersection between the list of
algorithms it implements and the ones found in the key of the recipient.
This intersection will never be empty because 3DES is implicitly
available.

So, if you created a key with a preference including Blowfish, any
OpenPGP implementation may decide to use Blowfish for encryption.

Yes, I know, there should be a more easy way to change preferences,
without editing gpg source.

Preferences don't work with signatures of course.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
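
The selection rule described in the message above, as an added example that is not part of the original thread and is not GnuPG's or PGP's code. The algorithm numbers are the RFC 2440 symmetric-key assignments; the preference lists, the `GNUPG` and `PGP` capability sets, and the ranking used for several recipients are constructed assumptions.

```python
# Added example: cipher selection by preference intersection.
# Algorithm IDs are the RFC 2440 symmetric-key assignments.
IDEA, TRIPLE_DES, CAST5, BLOWFISH = 1, 2, 3, 4

# Constructed capability sets mirroring the thread: GnuPG without IDEA,
# PGP without Blowfish. Not taken from either product's source.
GNUPG = {TRIPLE_DES, CAST5, BLOWFISH}
PGP = {IDEA, TRIPLE_DES, CAST5}


def effective_prefs(key_prefs):
    """Ordered preference list from a key, with 3DES implicitly last."""
    prefs = list(dict.fromkeys(key_prefs))  # drop duplicates, keep order
    if TRIPLE_DES not in prefs:
        prefs.append(TRIPLE_DES)
    return prefs


def select_cipher(implemented, recipient_prefs):
    """Pick a cipher the sender implements and every recipient key lists.

    Ranking by best worst-case position across recipients is a policy
    assumed here; the thread only describes the intersection itself.
    """
    if not recipient_prefs:
        raise ValueError("at least one recipient key is required")
    implemented = set(implemented) | {TRIPLE_DES}  # 3DES is mandatory
    lists = [effective_prefs(p) for p in recipient_prefs]
    common = implemented.intersection(*(set(l) for l in lists))
    # 3DES is in every set, so `common` is never empty.
    return min(common, key=lambda a: (max(l.index(a) for l in lists),
                                      sum(l.index(a) for l in lists), a))


def advertised_but_unsupported(key_prefs, owner_software):
    """Ciphers a key invites senders to use that its owner cannot decrypt."""
    return [a for a in effective_prefs(key_prefs) if a not in owner_software]


if __name__ == "__main__":
    key = [BLOWFISH, CAST5]  # constructed preference list
    print(select_cipher(GNUPG, [key]))          # sender implements Blowfish
    print(select_cipher(PGP, [key]))            # sender lacks Blowfish
    print(select_cipher(GNUPG, [[IDEA]]))       # only 3DES is shared
    print(advertised_but_unsupported(key, PGP))
```

The last function is the check that matters for the problem in this thread: selection follows what the key advertises, so a key that lists Blowfish but is used with software lacking it can receive messages its owner cannot read.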
Re: Compatibility
On Fri, 14 Apr 2000, L. Sassaman wrote:

> But the point is still valid to those who wish to tweak their settings for
> no reason: using RIPEMD160 instead of SHA-1 with DSA keys makes them not
> DSS. It is my recommendation that people use SHA-1 with DSA keys unless at
> some point they are given good reason not to trust SHA-1.

Most banks here in Germany prefer RIPEMD160 over SHA1; I don't know
why ;-)


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Fri, 14 Apr 2000, L. Sassaman wrote:

> As it doesn't look like Blowfish is going to be implemented in PGP, I'd
> like to see GnuPG give the option to exclude it from the preferences when
> keys are generated in GnuPG.

No.

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Fri, 14 Apr 2000, L. Sassaman wrote:

> I don't know about previous versions, but in 6.5.3 it is subpacket number
> 100 (internal or user defined).

Sorry, I was wrong here. See my message from 21 Feb 2000 22:31:47 in
gnupg-devel.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Thu, 13 Apr 2000, Lazarus Long wrote:

>However, I am now curious why the commercial (NAI) PGP doesn't support
>open source Blowfish. But, being a commercial endeavor, I suppose I
>should not care very much what they (NAI) do or do not support. As long
>as GnuPG remains standards-compliant I should be happy. The fact that NAI
>chose to make their product noncompliant with the standard (in another
>manner) is deplorable (in my opinion.) They are certainly not something
>to be emulated.

Ohh.. I thought that one nice thing with gnupg was that you should be
able to encrypt to and from pgp, gpg and other users without too much
problems. It's a fact that pgp is much more used than gpg, so I think pgp
should be fully compatible with pgp by default (as long as it's not a
violation to OpenPGP). If gpg is to replace pgp (as I understand you would
like?), it would be nice to be as compatible as possible.

/johan
___________________________________________
Johan Lundberg HTTP://johan.hello.to
Vibblabyv. 28 PGP: 0xD3A0A0E5
17764 Jarfalla B847 687B 8971 0AAC 1C29
+46(0)8-580 17259 DBA1 AB5F 664F D3A0 A0E5
Re: Compatibility
Johan Lundberg, at 12:28 +0200 on Fri, 14 Apr 2000, wrote:

> Ohh.. I thought that one nice thing with gnupg was that you should be
> able to encrypt to and from pgp, gpg and other users without too much
> problems. It's a fact that pgp is much more used than gpg, so I think pgp
> should be fully compatible with pgp by default (as long as it's not a
> violation to OpenPGP). If gpg is to replace pgp (as I understand you would
> like?), it would be nice to be as compatible as possible.

No, the nice thing about GnuPG is that it conforms to an
internet-recognized specification for exchanging OpenPGP messages. This
standard is available for anyone to view and create a new implementation
of. If these standards did not exist we wouldn't have working protocols
like TCP or HTTP.

There are currently two major things which break compatibility:
encumbering patents, and PGP.

RSA and IDEA are not supported by default in GnuPG because they are not
free algorithms. These are SHOULD's in the OpenPGP specification. RSA
will likely be supported when the patent runs out this fall. IDEA's
patent does not run out for several years.

NAI's PGP breaks the OpenPGP specification with its new packets such as
the photo-id. I can see that NAI wants to further extend the powers of
PGP, and that is fine with me; however, users should be aware that there
is an open standard with free implementations which anyone can use, and
that not abiding by this standard has a good chance of alienating those
who abide by it.

This is the same reason why use of Word documents is highly discouraged over
other open, standards-based forms such as HTML; it would be silly to think
that HTML should try to replace Word, or compensate for it. Sure, MS
wants to further the complexity and power of a Word document, but that
does not in any way mean that the designers of HTML should want or try to
compensate.

Oh, and by the way, when I refer to free I mean Open Source Free.

--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
Re: Compatibility
Werner Koch, at 11:49 +0200 on Fri, 14 Apr 2000, wrote:

> On Fri, 14 Apr 2000, L. Sassaman wrote:
>
> > As it doesn't look like Blowfish is going to be implemented in PGP, I'd
> > like to see GnuPG give the option to exclude it from the preferences when
> > keys are generated in GnuPG.
>
> No.

Hehehe. Of course, there is _nothing_ stopping Len from editing GnuPG
himself, making the modification, releasing, and continuing to track the
source, to see if users would prefer his modified version. Mmmm, GPL'd
software, crunchy on the outside, soft and gooey in the middle :)

--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
Re: Compatibility
L. Sassaman, at 14:03 -0700 on Fri, 14 Apr 2000, wrote:

> Not following SHOULDs, unless there is a very good reason, is bad.

Are you implying that creating unrestricted, free software is not a "very
good reason"? Remember, the FSF has strong philosophies which have
changed things for many of us, because of this good reason.

> Photo-ID and what else? Nothing. And the photo ID breaks nothing,
> either.

If this is true, I'll stop arguing this point; I'm sure you've become more
intimate with PGP's internals and the RFC than I have.


--
Frank Tobin http://www.uiuc.edu/~ftobin/

"To learn what is good and what is to be valued,
those truths which cannot be shaken or changed." Myst: The Book of Atrus
Re: Compatibility
L. Sassaman wrote:

> As it doesn't look like Blowfish is going to be implemented in PGP,

I don't follow the recent pgp development closely, but I thought its
source is still available. Is it difficult to write Blowfish modules for
pgp 6.x like the ones for GnuPG?

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Compatibility
On Fri, 14 Apr 2000, L. Sassaman wrote:

> I was not judging the particular case of not including IDEA and RSA. In

It is perfectly okay not to include those algorithms. The IETF
prefers unpatented algorithms if it can be done at all and one of the
reasons why we have this whole OpenPGP thing, is that it now allows
free usage of a protocol.

> fact, the modules almost make up for it (the RSA module doesn't permit key
> generation, I don't believe). But I was just pointing out that SHOULD

And with a good reason. 2 years back most folks agreed on that RSA is
a bad thing. I remember that Phil called me on the phone to make sure
that GnuPG will not switch to RSA!

Because it sometimes makes sense to create RSA keys, GnuPG will have
this feature on Sep 20th.

> If the WG assigned packet 17 to something else, then there would be a
> problem. As it is now, Packet 17 is effectively assigned to the
> Photo-ID; it just isn't official. I hope the WG makes it so, as the

That is the reason why there are these experimental/private packet
numbers.

This whole compatibility story to PGP reminds me a bit of the strategy
other (big) vendors are driving. Take a standard, add some nice little
gadget which is not covered by the standard and claim that you use the new
Standard. Microsoft did this recently with Kerberos.

BTW, does PGP 6,7 or whatever now create v4 signature packets or does GnuPG
still need the --force-v3-sigs option?


Werner


p.s. This discussion should be done on the OpenPGP ML.

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Sat, 15 Apr 2000, Johan Wevers wrote:

> I don't follow the recent pgp development closely, but I thought its
> source is still available. Is it difficult to write Blowfish modules for
> pgp 6.x like the ones for GnuPG?

First look at the license....


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
Werner Koch wrote:

> And with a good reason. 2 years back most folks agreed on that RSA is
> a bad thing.

Due to legal or due to technical reasons? I believe that most cryptographers
believe that when you crack one algorithm you can probably also crack the
other so I guess these are non-technical reasons.

> This whole compatibility story to PGP reminds me a bit of the strategy
> other (big) vendors are driving. Take a standard, add some nice little
> gadget which is not covered by the standard and claim that you use the new
> Standard. Microsoft did this recently with Kerberos.

The difference here is that MS is not publishing its changes so any tool
that wants to be compatible, like Samba, must reverse-engineer the changes.
That is not the case with the photo-ID packets.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Compatibility
Werner Koch wrote:

>>I don't follow the recent pgp development closely, but I thought its
>>source is still available. Is it difficult to write Blowfish modules for
>>pgp 6.x like the ones for GnuPG?

> First look at the license....

I don't have the licence here, but the question that would count to me is:
would NAI go and sue when someone writes a patch or plugin module for pgp
for Blowfish? And if so, would they probably win?

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Compatibility
On Sun, 16 Apr 2000, Johan Wevers wrote:

> Due to legal or due to technical reasons? I believe that most cryptographers
> believe that when you crack one algorithm you can probably also crack the

v3 RSA keys also for technical reasons.

> The difference here is that MS is not publishing its changes so any tool
> that wants to be compatible, like Samba, must reverse-engineer the changes.
> That is not the case with the photo-ID packets.

I have never seen a description of the Photo-ID, although NAI promised a
long time ago to send specs to the WG. I had to do some reverse
engineering on that data packet too.

Werner

--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
Werner Koch wrote:

> I have never seen a description of the Photo-ID, although NAI promised a
> long time ago to send specs to the WG. I had to do some reverse
> engineering on that data packet too.

And it's also not available in the pgp source?

Anyway, that's a bad thing. If NAI wants this to make it in a future RFC
then they should at least publish it.

--
ir. J.C.A. Wevers // Physics and science fiction site:
johanw@vulcan.xs4all.nl // http://www.xs4all.nl/~johanw/index.html
PGP/GPG public keys at http://www.xs4all.nl/~johanw/pgpkeys.html
Re: Compatibility
On Sun, 16 Apr 2000, L. Sassaman wrote:

> Here's the original proposal:
>
> http://www.imc.org/ietf-open-pgp/mail-archive/msg01196.html

It is dated March 1998 and I can't remember that it ever has been
in a draft nor is it in RFC2440 (November 98). This clearly means, it
is not part of OpenPGP. The WG has decided on this and that is the
entity which decides. During the process of creating OpenPGP the
other implementors did change their apps to be in compliance with the
draft or the final specs, PGP didn't.

Werner


--
Werner Koch OpenPGP key 621CC013
OpenIT GmbH tel +49 211 239577-0
Birkenstr. 12 email wk@openit.de
D-40233 Duesseldorf http://www.openit.de
Re: Compatibility
On Fri, 14 Apr 2000, L. Sassaman wrote:
> On Fri, 14 Apr 2000, Frank Tobin wrote:
[snip]
> > RSA and IDEA are not supported by default in GnuPG because they are not
> > free algorithms. These are SHOULD's in the OpenPGP specification. RSA
> > will likely be supported when the patent runs out this fall. IDEA's
> > patent does not run out for several years.
>
> Not following SHOULDs, unless there is a very good reason, is bad.

Wishing not to go to jail for using patented algorithms without a license
is a very good reason, IMHO.

--
Mark H. Wood, Lead System Programmer mwood@IUPUI.Edu
"Where's the kaboom? There was supposed to be an Earth-shattering kaboom!"
-- Marvin Martian, 01/01/2000 00:00:00