Phil H wrote:
> I applied the patch to gpg source and compiled as
> recommended in the loop-AES.README. Appears to work
> ok.
>
> Is there any easy way to tell if iteration actually
> has been "slowed down by 128 times" ie that the
> patched gpgp is working as it should?
If you decrypt a file that was encrypted using symmetric cipher only using
unpatched gpg, then debug output says count 96
$ gpg --decrypt -v -v <symmetric-encrypted-file.gpg >/dev/null
^^^^^
:symkey enc packet: version 4, cipher 7, s2k 3, hash 2
salt 9e5efa02e79f57ff, count 96
^^^^^^^^
But a file created using patched gpg says count 208
:symkey enc packet: version 4, cipher 9, s2k 3, hash 2
salt b412e8ba16e3ece9, count 208
^^^^^^^^^
The salt is always unique for each file.
The important point is to *create* the key file using patched version. Both
unpatched and patched versions can decrypt the file by adapting to the count
that was recorded to gpg-encrypted file header.
Just in case you are wondering why those test key files used by loop-AES
"make tests" are encrypted using (unpatched) count 96. That is because of
speed. I wan't that script to run fast even on older hardware.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
