[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [GNU Crypto] how to deal with weak keys. was: Documentation
From: |
Casey Marshall |
Subject: |
Re: [GNU Crypto] how to deal with weak keys. was: Documentation |
Date: |
Wed, 28 May 2003 09:47:22 -0700 |
User-agent: |
Mutt/1.4i |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, May 28, 2003 at 08:29:15PM +1000, Raif S. Naffah wrote:
> ok. i see the benefit of allowing even weak keys to go through the
> implementation. i double checked all the FIPS publications relevant to
> DES, and couldnt find even a warning about weak keys!
>
> here is what i propose; it's similar to what we already do in the PRNG
> class: use of conditional compilation.
>
> * add in each cipher implementation which is known to exhibit weak, or
> semi-weak keys, a private static final boolean CHECK_WEAK_KEYS with a
> default value. in the makeKey() method we add the code to check for
> weak keys conditioned by the value of CHECK_WEAK_KEYS.
>
> * in the code, distinguish the case of weak keys with a new exception
> that is a subclass of InvalidKeyException. this way the code will
> remain backward compatible.
>
> * add a warning in the documentation, incl. the README about the set
> default for CHECK_WEAK_KEYS, and how the user can change it to get the
> desired effect if it is not set to the appropriate value.
>
> how does this sound?
>
I like the idea of making the check optional, but how about making this
a property? Perhaps in a global, static property set, somewhat akin to
the properties contained in java.security.Security?
- --
Casey Marshall || address@hidden
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+1OgTgAuWMgRGsWsRAmvEAJ9yj/xq1GzE9B/VORiYrrSvzjdktgCggVdq
YFZIO+rES1IeOg0kA5qDX6c=
=l3Eu
-----END PGP SIGNATURE-----
- Re: [GNU Crypto] Documentation, (continued)
- Re: [GNU Crypto] Documentation, Raif S. Naffah, 2003/05/26
- Re: [GNU Crypto] Documentation, baz, 2003/05/26
- Re: [GNU Crypto] Documentation, Raif S. Naffah, 2003/05/27
- Re: [GNU Crypto] Documentation, Marcel Winandy, 2003/05/27
- Re: [GNU Crypto] Documentation, Raif S. Naffah, 2003/05/27
- Re: [GNU Crypto] Documentation, baz, 2003/05/27
- Re: [GNU Crypto] Documentation, Casey Marshall, 2003/05/27
- [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Simon Josefsson, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation,
Casey Marshall <=
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Casey Marshall, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Casey Marshall, 2003/05/28
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Marcel Winandy, 2003/05/29
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/30
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/30
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Casey Marshall, 2003/05/30
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Raif S. Naffah, 2003/05/30
- Re: [GNU Crypto] how to deal with weak keys. was: Documentation, Marcel Winandy, 2003/05/31