shishi ./NEWS doc/shishi.texi
From: shishi-commit
Subject: shishi ./NEWS doc/shishi.texi
Date: Fri, 19 Sep 2003 16:53:25 -0400
CVSROOT: /cvsroot/shishi
Module name: shishi
Branch:
Changes by: Simon Josefsson <address@hidden> 03/09/19 16:53:24
Modified files:
. : NEWS
doc : shishi.texi
Log message:
ARCFOUR fixes.
CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/NEWS.diff?tr1=1.53&tr2=1.54&r1=text&r2=text
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/doc/shishi.texi.diff?tr1=1.81&tr2=1.82&r1=text&r2=text
Patches:
Index: shishi/NEWS
diff -u shishi/NEWS:1.53 shishi/NEWS:1.54
--- shishi/NEWS:1.53 Fri Sep 19 16:29:05 2003
+++ shishi/NEWS Fri Sep 19 16:53:23 2003
@@ -5,6 +5,8 @@
* Version 0.0.7 (unreleased)
** ARCFOUR encryption support according to draft-brezak-win2k-krb-rc4-hmac-04.
+Libgcrypt must be built with --enable-ciphers=arcfour, otherwise you
+will get a runtime error.
* Version 0.0.6 (released 2003-09-14)
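Review bot: The two lines added under the ARCFOUR entry say that a libgcrypt built without --enable-ciphers=arcfour gives "a runtime error", but not which error or when it appears (at library initialization or only on first use of an arcfour encryption type). Quoting the error text would let users recognize the cause, and the build requirement should also be stated in the installation documentation, not only in NEWS.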
Index: shishi/doc/shishi.texi
diff -u shishi/doc/shishi.texi:1.81 shishi/doc/shishi.texi:1.82
--- shishi/doc/shishi.texi:1.81 Sun Sep 14 18:33:28 2003
+++ shishi/doc/shishi.texi Fri Sep 19 16:53:23 2003
@@ -337,13 +337,20 @@
@section Cryptographic Overview
Shishi implements several of the standard cryptographic primitives.
-Here are the names of the supported encryption suites, with some notes
-on their status and there associated checksum suite. They are ordered
-by increased security as perceived by the author.
+In this section we give the names of the supported encryption suites,
+and some notes about them, and their associated checksum suite.
+
+Statements such as ``it is weak'' should be read as meaning that there
+is no credible security analysis of the mechanism available, and/or
+that should an attack be published publicly, few people would likely
+be surprised. Also keep in mind that the key size mentioned is the
+actual key size, not the effective key space as far as a brute force
+attack is concerned.
@cindex DES
@cindex 3DES
@cindex AES
address@hidden ARCFOUR
@table @code
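Review bot: The added definition of ``it is weak'' joins two different conditions with "and/or" (no credible security analysis is available; few would be surprised by a published attack), so a reader cannot tell which one a given "It is weak." entry asserts, and "published publicly" is redundant. The removed sentence said the suites were ordered by increasing security; the replacement text should say whether the @table order still carries that meaning or none at all. Minor: "and some notes about them, and their associated checksum suite" reads better as "with notes on each and on its associated checksum suite".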
@@ -353,6 +360,19 @@
decryption are identity functions. No integrity protection. It is
weak. It is associated with the @code{NULL} checksum.
address@hidden arcfour-hmac
address@hidden arcfour-hmac-exp
+
address@hidden are a proprietary stream cipher with 56 bit
+(@code{arcfour-hmac-exp}) or 128 bit (@code{arcfour-hmac}) keys, used
+in a proprietary way described in an expired IETF draft
address@hidden Deriving keys from
+passwords is supported, and is done by computing a message digest
+(MD4) of a 16-bit Unicode representation of the ASCII password, with
+no salt. Data is integrity protected with a keyed hash (HMAC-MD5),
+where the key is derived from the base key in a creative way. It is
+weak. It is associated with the @code{arcfour-hmac-md5} checksum.
+
@item des-cbc-crc
@code{des-cbc-crc} is DES encryption and decryption with 56 bit keys
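Review bot: In the new arcfour-hmac entry, "derived from the base key in a creative way" tells the reader nothing about how the HMAC-MD5 key is obtained; describe the derivation or point to the part of the draft that defines it. The password sentence states that there is no salt but not the consequence, which is that the same password gives the same key for every principal and realm; one sentence saying so would support the "It is weak." verdict. The 56 bit and 128 bit figures should be checked against the convention set earlier in this patch (actual key size, not effective key space), and "are a proprietary stream cipher" mixes plural and singular.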
@@ -432,6 +452,16 @@
@code{NULL} is a dummy checksum suite for debugging. It provides no
integrity. It is weak. It is compatible with the @code{NULL}
encryption mechanism.
+
address@hidden arcfour-hmac-md5
+
address@hidden is a keyed HMAC-MD5 checksum computed on a MD5
+message digest, in turn computed on a four byte message type indicator
+concatenated with the application data. (The @code{arcfour}
+designation is thus somewhat misleading, but since this checksum
+mechanism is described in the same document as the @code{arcfour}
+encryption mechanisms, it is not a completely unnatural designation.)
+It is weak. It is compatible with all encryption mechanisms.
@item rsa-md4
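Review bot: The arcfour-hmac-md5 description does not say which key the HMAC-MD5 uses (the base key, or the derived key mentioned in the arcfour-hmac entry) or the byte order of the four byte message type indicator, so the checksum cannot be reproduced from this text alone. "keyed HMAC-MD5" is redundant because an HMAC is always keyed, and "a MD5" should be "an MD5". The entry says "compatible with all encryption mechanisms" while the encryption entry says "associated with"; state whether the two terms are meant to differ.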