Re: [dm-crypt] Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Werner Koch <wk@gnupg.org>
To: Milan Broz <gmazyland@gmail.com>
Cc: dm-crypt <dm-crypt@saout.de>, gcrypt-devel@gnupg.org
Subject: Re: [dm-crypt] Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)?
Date: Fri, 17 Jan 2014 21:26:10 +0100	[thread overview]
Message-ID: <87sismz76l.fsf@vigenere.g10code.de> (raw)
In-Reply-To: <52D975A3.6080609@gmail.com> (Milan Broz's message of "Fri, 17 Jan 2014 19:25:39 +0100")

On Fri, 17 Jan 2014 19:25, gmazyland@gmail.com said:

> Is my assumption that all whirlpool implementations before
> libgcrypt 1.6.0 are broken if used this way?

Right.  Now why are you using a non-standard algorithm and then also hit
the 62 byte problem :-(

Anyway, I see that we need to do something about it.  Changing the
correct implementation is not a good idea but I would be possible to add
a bug emulation flag.  We do something similar in GnuPG to workaround a
pgp-2 incompatibility.

I can see two ways to implement it: If you only hash small amounts of
data, retrying with the hash operation with the bug emulation flag set
would be the easiest way.  The other option would be to implement a
variant of Whirlpool with this bug not fixed.  Then you could add this
as a second hash algorithm to the same context and hash only one.  That
is practical for streamed data but it does not save time because it
always hashes twice (could be optimized but we would end up with quite
some complexity). 

I would really prefer to add a bug emulation flag so that you could go
and re-encrypt the data on the fly (using the fixed Whirlpool or SHA-x
for better performance).

Shalom-Salam,

   Werner

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

next prev parent reply	other threads:[~2014-01-17 21:18 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-17 18:25 [dm-crypt] Whirlpool in gcrypt <= 1.5.3 broken (if writes in chunks)? Milan Broz
2014-01-17 20:26 ` Werner Koch [this message]
2014-01-17 20:58   ` Milan Broz
2014-01-19 14:13     ` Werner Koch
2014-01-19 19:49       ` Milan Broz
2014-01-20  7:56         ` Werner Koch

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87sismz76l.fsf@vigenere.g10code.de \
    --to=wk@gnupg.org \
    --cc=dm-crypt@saout.de \
    --cc=gcrypt-devel@gnupg.org \
    --cc=gmazyland@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.