Fwd: KWallet weaknesses

Dirk Mueller mueller at kde.org
Tue Dec 9 00:09:19 GMT 2003

On Monday 08 December 2003 23:10, Werner Koch wrote:

> Either PKCS#5 or the S2K code from OpenPGP.  Here is an implementation
> under the GPL from gnupg-1.9/agent/protect.c derived from gnupg:

This doesn't seem to be self-contained.

> > b) You said that the version numbers will allow replay attacks. Though I
> > don't
> I talked about a rollback attack, that is, at one time you change the
> algorithm because a weakness was found in Blowfish and under certain
> conditions an attacker might be able to trick you into using Blowfish
> again even though you are using the modern-ultra-resistant-algorithm.

In such a case we would support the old protocol for importing. As long as we
don't write the old Blowfish then I cannot see how one can possibly perform
such a rollback attack.

> There 
> is no immediate need but you should think about it when you allow for
> different algorithms.  BTW, even Schneier is not anymore certain of
> his Blowfish; all other modern algorithms have meanwhile been better
> analyzed than Blowfish.

Which one would you recommend?
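
Added example, not part of the original message and not KWallet code: a sketch of the two ideas discussed in this thread, a PKCS#5 (PBKDF2) derived key and an algorithm identifier that cannot be silently rolled back. The container layout, the `DEMO` magic, the algorithm ids and the function names are all constructed for illustration, and `body` stands in for ciphertext.

```python
import hashlib
import hmac
import os
import struct

# Constructed container layout (not KWallet's format):
# magic | algorithm id | salt | body | tag
HEADER = struct.Struct(">4sB16s")
MAGIC = b"DEMO"
LEGACY, CURRENT = 1, 2   # hypothetical algorithm identifiers
TAG_LEN = 32

def derive_key(password: bytes, salt: bytes, alg_id: int) -> bytes:
    # PKCS#5 v2 (PBKDF2). The algorithm id is mixed into the salt so each
    # algorithm gets an unrelated key from the same password.
    return hashlib.pbkdf2_hmac("sha256", password, salt + bytes([alg_id]),
                               100_000, 32)

def seal(password: bytes, body: bytes, alg_id: int = CURRENT) -> bytes:
    # `body` stands in for ciphertext produced by the cipher named by alg_id.
    header = HEADER.pack(MAGIC, alg_id, os.urandom(16))
    key = derive_key(password, header[5:], alg_id)
    tag = hmac.new(key, header + body, hashlib.sha256).digest()
    return header + body + tag

def open_wallet(password: bytes, blob: bytes, allow_import: bool = False):
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated container")
    magic, alg_id, salt = HEADER.unpack_from(blob)
    if magic != MAGIC or alg_id not in (LEGACY, CURRENT):
        raise ValueError("unknown format or algorithm")
    # Policy: the old algorithm is read only on an explicit import path.
    if alg_id != CURRENT and not allow_import:
        raise ValueError("legacy algorithm requires explicit import")
    body, tag = blob[HEADER.size:-TAG_LEN], blob[-TAG_LEN:]
    key = derive_key(password, salt, alg_id)
    expected = hmac.new(key, blob[:-TAG_LEN], hashlib.sha256).digest()
    # The tag covers the header, so an edited algorithm id fails here.
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return alg_id, body
```

A container whose algorithm byte is edited after sealing fails authentication even on the import path, and a genuine legacy container opens only when the caller asks for an import.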

More information about the kde-core-devel mailing list