Fwd: KWallet weaknesses
Dirk Mueller
mueller at kde.org
Tue Dec 9 00:09:19 GMT 2003
On Monday 08 December 2003 23:10, Werner Koch wrote:
> Either PKCS#5 or the S2K code from OpenPGP. Here is an implementation
> under the GPL from gnupg-1.9/agent/protect.c derived from gnupg:
This doesn't seem to be self-contained.
> > b) You said that the version numbers will allow replay attacks. Though I don't
> I talked about a rollback attack, that is at one time you change the
> algorithm because a weakness was found in Blowfish and under certain
> conditions an attacker might be able to trick you to use Blowfish
> again even if you are using the modern-ultra-resistant-algorithm.
In such a case we would support the old protocol for importing. As long as we
don't write the old Blowfish format, I cannot see how one could possibly perform
such a rollback attack.
> There is no immediate need but you should think about it when you allow for
> different algorithms. BTW, even Schneier is no longer certain of
> his Blowfish; all other modern algorithms have meanwhile been better
> analyzed than Blowfish.
Which one would you recommend?
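The import-only handling of an old format version that Dirk describes above, together with the PKCS#5 key derivation Werner mentions, as an added example that is not code from KWallet or from either poster. The file layout (magic, version byte, salt, tag, body), the version numbers, the `WLT` magic and the HMAC-based toy keystream are all assumptions made for illustration and are not KWallet's real format or cipher. The point it shows is the policy from the thread: the reader accepts the legacy version only when the caller is explicitly importing, the writer has no code path that emits the legacy version, and an authentication tag computed under the derived key covers the header so that a version byte flipped back to the old value is rejected rather than silently honoured.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical wallet layout (assumption, not KWallet's): magic | version | salt | tag | body
MAGIC = b"WLT"
LEGACY_VERSION = 1    # stands in for the old (Blowfish-era) layout
CURRENT_VERSION = 2   # stands in for the current algorithm
SALT_LEN = 16
TAG_LEN = 32
HEADER_LEN = len(MAGIC) + 1 + SALT_LEN
PBKDF2_ITERATIONS = 100_000


def derive_key(passphrase: bytes, salt: bytes, version: int) -> bytes:
    """PKCS#5 PBKDF2-HMAC-SHA256. The format version is mixed into the salt so
    the key derived for a legacy file is never the key used for a current file."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt + bytes([version]),
                               PBKDF2_ITERATIONS, dklen=32)


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the wallet cipher (assumption): HMAC-SHA256 in counter
    mode XORed over the data. Symmetric, so one call encrypts and decrypts."""
    out = bytearray()
    for block_no, offset in enumerate(range(0, len(data), 32)):
        pad = hmac.new(key, struct.pack(">I", block_no), "sha256").digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], pad))
    return bytes(out)


def seal(passphrase: bytes, plaintext: bytes, salt: bytes, version: int) -> bytes:
    header = MAGIC + bytes([version]) + salt
    key = derive_key(passphrase, salt, version)
    body = keystream_xor(key, plaintext)
    tag = hmac.new(key, header + body, "sha256").digest()  # tag binds version and salt
    return header + tag + body


def write_wallet(passphrase: bytes, plaintext: bytes, salt: bytes = b"") -> bytes:
    """The only production writer: it emits CURRENT_VERSION and nothing else."""
    return seal(passphrase, plaintext, salt or os.urandom(SALT_LEN), CURRENT_VERSION)


def make_legacy_fixture(passphrase: bytes, plaintext: bytes, salt: bytes) -> bytes:
    """Builds an old-format file for the demo only. Real code would have deleted
    the legacy writer; this exists so the import path can be exercised offline."""
    return seal(passphrase, plaintext, salt, LEGACY_VERSION)


def read_wallet(passphrase: bytes, blob: bytes, allow_legacy: bool = False):
    """Returns (version, plaintext). The legacy version is accepted only when the
    caller is explicitly importing; any other unexpected version is an error, and
    a header whose version byte was altered fails the tag check."""
    if len(blob) < HEADER_LEN + TAG_LEN or blob[:len(MAGIC)] != MAGIC:
        raise ValueError("not a wallet file")
    version = blob[len(MAGIC)]
    salt = blob[len(MAGIC) + 1:HEADER_LEN]
    tag = blob[HEADER_LEN:HEADER_LEN + TAG_LEN]
    body = blob[HEADER_LEN + TAG_LEN:]
    if version != CURRENT_VERSION and not (version == LEGACY_VERSION and allow_legacy):
        raise ValueError(f"format version {version} not accepted")
    key = derive_key(passphrase, salt, version)
    expected = hmac.new(key, blob[:HEADER_LEN] + body, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong passphrase or tampered header")
    return version, keystream_xor(key, body)


def migrate(passphrase: bytes, blob: bytes) -> bytes:
    """Import a legacy file and write it back; the result is always CURRENT_VERSION."""
    _, plaintext = read_wallet(passphrase, blob, allow_legacy=True)
    return write_wallet(passphrase, plaintext)


def is_rejected(passphrase: bytes, blob: bytes, allow_legacy: bool = False) -> bool:
    try:
        read_wallet(passphrase, blob, allow_legacy)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    pw, salt = b"correct horse", b"\x00" * SALT_LEN  # constructed demo inputs
    old = make_legacy_fixture(pw, b"old secret", salt)
    print("legacy file rejected by a normal open:", is_rejected(pw, old))
    new = migrate(pw, old)
    print("version byte after migration:", new[len(MAGIC)])
    downgraded = new[:len(MAGIC)] + bytes([LEGACY_VERSION]) + new[len(MAGIC) + 1:]
    print("downgraded header rejected even on import:", is_rejected(pw, downgraded, True))
```

Two design choices carry the argument from the thread. First, the legacy version is only reachable through an explicit import flag and the migration path rewrites immediately, so the on-disk state converges on the current version and the old cipher is never produced again. Second, the tag is keyed with a key that depends on the version byte and covers the whole header, so an attacker who cannot run the key derivation (no passphrase) cannot relabel a current file as legacy to steer the reader onto the old algorithm; without that binding a version byte is just a hint the attacker controls.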
More information about the kde-core-devel mailing list