gnu-crypto-discuss

Re: [GNU Crypto] Documentation


From: baz
Subject: Re: [GNU Crypto] Documentation
Date: Tue, 27 May 2003 19:28:49 +0100

Hello,

OK, my last word on the subject of weak keys:

gnu-crypto is a library and therefore should be as flexible and easy to use
as possible. When writing a library it's not always possible to envisage how
that library is going to be used, but one thing is for sure: whenever a
constraint is added to any piece of software then somebody somewhere will no
longer be able to use it.

Allowing the use of weak keys does not make the cryptology the library
provides weak. That is up to the application writer. That person may well be
someone investigating how to crack cipher text encrypted with a weak key.
What you are saying by refusing to allow weak keys is that he/she won't be
able to use this library any more.

Maybe a better example is this: Not everybody will be using this library. In
the real world, organisations pass data around. If my organisation had me
write something to decrypt data sent to us and I used the gnu-crypto library
they'd be happy as it is good and fast. However, they will not be happy when
one day some data arrives that can't be decrypted because the third party
used a weak key. I can imagine the conversation I'd be having with my boss:
"What do you mean you can't decrypt it. That key was used to encrypt it. It
should work for decrypting it too. And after all, it's weak anyway!!"

Do you get where I'm coming from? There is no substitute for good
documentation as it is this which provides the contract between what the
library can do and the person using it. Anyone concerned about this knows
about the problem. Marcel, Raif and myself worry about strong encryption so
we would write applications that bothered to check for weak keys. On the
other hand, a student experimenting might actually want to use weak keys.
After all, as Marcel said, the library should provide something for the user
regarding weak keys, which it does by exposing some methods to call for
checking these things.

From past experience, I know that somebody would get bitten. After all, a
weak key is not an invalid key. The algorithm works fine as data goes in one
end and out the other quite happily.

I'll shut up now.

barry

----- Original Message -----
From: "Raif S. Naffah" <address@hidden>
To: "Marcel Winandy" <address@hidden>; "baz"
<address@hidden>
Cc: "GNU Crypto" <address@hidden>
Sent: Tuesday, May 27, 2003 11:55 AM
Subject: Re: [GNU Crypto] Documentation


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

hello Marcel,

On Tue, 27 May 2003 08:28 pm, Marcel Winandy wrote:
> Hello!
>
> > the issue is effectively whether to include in the makeKey(...)
> > method implementations checks for weak keys (and eventually other
> > massaging functions required by the algorithm) and bailing out with
> > this new exception if the key material is found to be in violation
> > of certain pre-conditions; e.g. weak key.  or, do not apply those
> > checks relying instead on the user alertness for ensuring the
> > quality of the input key material.
> >
> > i'd be also interested in hearing others' opinion on the subject.
>
> The point is whether you want to provide a library with raw
> algorithms or to provide a secure cryptography library. In the former
> case it is up to the user to decide what is a weak key and how to
> treat it. But in the latter case (and I hope that is what you
> want) the library has to assure that weak keys are rejected or at
> least the user is being warned.

the latter is indeed what i want.


> The last thing is very important because there may be users who are
> not very familiar with cryptography and possibly don't know about
> weak keys or how they are defined and what consequences they will have.
>
> The whole thing is about responsibility: who shall make secure
> cryptography - the application programmer or the crypto library? I
> suggest the name of library gives us a hint to answer this
> question...
>
> Ciao,
>  Marcel

- --
cheers;
rsn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Que du magnifique

iD8DBQE+00Qu+e1AKnsTRiERAwbKAKDzNMElsXnoAfniLkpcmHIyRzOtigCgzeIP
6jyREO3MKJ0rG/xt1zTtXog=
=cy50
-----END PGP SIGNATURE-----
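The two policies argued over in this thread (a makeKey that rejects weak key material versus a library that merely exposes a check the caller may invoke) can be shown side by side. The following is an added example for this archive page, written in Python rather than the library's Java, and it is not GNU Crypto code: `make_key`, its `strict` flag and `WeakKeyException` are assumed names chosen to illustrate the design choice, and the key table is the standard DES weak and semi-weak key list (FIPS 46-3; Menezes, van Oorschot and Vanstone, Handbook of Applied Cryptography, Table 7.5). The point a practitioner needs beyond the bare table is that DES ignores the low (parity) bit of every key byte, so a check that compares raw bytes against the published odd-parity values misses keys such as all zeros, which is the same 56-bit key as 0101...01.

```python
"""Weak-key policy for a DES-style key schedule (illustrative, not GNU Crypto).

The table is the standard DES list. `make_key`, `strict` and
`WeakKeyException` are assumed names for this example only.
"""
import warnings

# DES weak keys: the key schedule yields 16 identical subkeys, so
# encryption and decryption are the same function.  Printed, as usual,
# with odd parity in the low bit of each byte.
DES_WEAK_KEYS = (
    "0101010101010101",
    "FEFEFEFEFEFEFEFE",
    "E0E0E0E0F1F1F1F1",
    "1F1F1F1F0E0E0E0E",
)

# DES semi-weak keys come in pairs (k1, k2) where E_k1 undoes E_k2.
DES_SEMI_WEAK_KEYS = (
    "01FE01FE01FE01FE", "FE01FE01FE01FE01",
    "1FE01FE00EF10EF1", "E01FE01FF10EF10E",
    "01E001E001F101F1", "E001E001F101F101",
    "1FFE1FFE0EFE0EFE", "FE1FFE1FFE0EFE0E",
    "011F011F010E010E", "1F011F010E010E01",
    "E0FEE0FEF1FEF1FE", "FEE0FEE0FEF1FEF1",
)


class WeakKeyException(ValueError):
    """Assumed exception name: raised by the strict policy on weak material."""


def _strip_parity(key: bytes) -> bytes:
    """Clear bit 0 of each byte.  DES never looks at it, so two keys that
    differ only in parity bits are the same 56-bit key."""
    return bytes(b & 0xFE for b in key)


_WEAK = frozenset(_strip_parity(bytes.fromhex(k)) for k in DES_WEAK_KEYS)
_SEMI_WEAK = frozenset(_strip_parity(bytes.fromhex(k)) for k in DES_SEMI_WEAK_KEYS)


def classify_des_key(key: bytes) -> str:
    """Return 'weak', 'semi-weak' or 'ok' for an 8-byte DES key,
    comparing on the 56 significant bits only."""
    if len(key) != 8:
        raise ValueError("DES key must be exactly 8 bytes, got %d" % len(key))
    k = _strip_parity(key)
    if k in _WEAK:
        return "weak"
    if k in _SEMI_WEAK:
        return "semi-weak"
    return "ok"


def is_weak_des_key(key: bytes) -> bool:
    """The 'exposed check' policy: the caller decides what to do."""
    return classify_des_key(key) != "ok"


def make_key(key: bytes, strict: bool = True) -> bytes:
    """Stand-in for a makeKey() step: returns the parity-stripped key
    material that a key schedule would consume.

    strict=True  -> refuse weak and semi-weak keys (the 'secure library'
                    position in the thread).
    strict=False -> accept anything, but warn (the 'decrypt whatever the
                    third party sent us' position)."""
    kind = classify_des_key(key)
    if kind != "ok":
        if strict:
            raise WeakKeyException("DES key is %s: %s" % (kind, key.hex()))
        warnings.warn("using a %s DES key: %s" % (kind, key.hex()), stacklevel=2)
    return _strip_parity(key)


if __name__ == "__main__":
    # Constructed inputs for the demonstration.
    zero_key = bytes(8)                          # same 56 bits as 0101...01
    good_key = bytes.fromhex("0123456789ABCDEF")
    for k in (zero_key, good_key):
        print(k.hex(), classify_des_key(k))
    try:
        make_key(zero_key)
    except WeakKeyException as e:
        print("strict policy refused:", e)
    print("permissive policy returned:", make_key(zero_key, strict=False).hex())
```

Note that a naive check written as `key.hex().upper() in DES_WEAK_KEYS` would report the all-zero key as fine; the parity-stripping step is what makes the table usable as a check on arbitrary 8-byte input.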
