Added a comment

author: http://phil.0x539.de/ <Philipp_Kern@web> 2013-03-05 07:17:08 +0000
committer: admin <admin@branchable.com> 2013-03-05 07:17:08 +0000
commit: 548d205648e9eda6ebd8a082c002a504d7ec9ef0 (patch)
tree: 8878eef6688f40c8d0d33b99fa809392f6b69c26 /doc
parent: 5fccd04a5dc88f88a17b37edeed9d21df7c32897 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment b/doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment
new file mode 100644
index 000000000..ba5be68d4
--- /dev/null
+++ b/doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://phil.0x539.de/"
+ nickname="Philipp Kern"
+ subject="comment 4"
+ date="2013-03-05T07:17:08Z"
+ content="""
+You (presumably) hand over 320 bytes of entropy to GPG, but you don't control the encryption key directly. GPG assumes that what it's given as a symmetric key is not at all random. Hence, with the default options (for OpenPGP interop, apparently) it will derive a 128 bit from the given passphrase. For this it uses (again, by default) salted SHA1 on the whole passphrase. So the strength of the cipher is 128 bit CAST5 or an attack on salted SHA1 with a mostly known input length (but this does seem large).
+"""]]
author	http://phil.0x539.de/ <Philipp_Kern@web>	2013-03-05 07:17:08 +0000
committer	admin <admin@branchable.com>	2013-03-05 07:17:08 +0000
commit	548d205648e9eda6ebd8a082c002a504d7ec9ef0 (patch)
tree	8878eef6688f40c8d0d33b99fa809392f6b69c26 /doc
parent	5fccd04a5dc88f88a17b37edeed9d21df7c32897 (diff)