Kevin Hilton (21.10.2008 22:52): >> If the hash output is not enough, then extra 0x00 byte will be added to >> your passphrase and hashed again to produce additional and different >> hashing output. If even this isn't enough, then two 0x00 bytes will be >> added and hashed again, and so on. > > > Ok -- so just some points of clarification. What is the default > s2k-digest-algo? Lets say its SHA1 or for the point of argument I set > it to be SHA1. SHA1 always produces 160 bit resultants. Say I want > to use the AES256 cipher. If I am understanding what has been > reported previously, this requires a 256 bit key. If the process you > described above works, wouldn't a 160 bit hash always be produced? > Just to clarify in my own mind your process -- If the hash output is > not enough and an extra 0x00 byte (which I think you are telling me > 0x00 = 256 0 bits) is added to the passphrase and then rehashed with > SHA1 - wouldn't another 160 bit hash be produced again? How would a > 256 bit hash ever be produced is the SHA1 hash was always used.
Just use both processes one after another: first produce two SHA-1 hashes which will give you 320 bits of output, then take first 256 bits for the key and discard what's left. > Thanks -- I have a feeling I'm getting off in left field here and > missing some understanding of some basic concepts. -- SATtva | security & privacy consulting www.vladmiller.info | www.pgpru.com
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
