On 19/11/13 18:14, ved...@nym.hush.com wrote:
> Why does gnupg give these types of error message, as opposed to simply
> stating 'decryption failed: bad passphrase' ??
>
> What kind of relationship is there between the number listed for the
> 'unknown algorithm' and the passphrase string that was given

The passphrase is used to decrypt the concatenation of an octet specifying what cipher was used for the symmetrically-encrypted data packet and the key for that data packet. If you give the wrong passphrase, this comes out as random rubbish, and that first octet specifying the cipher for the data is rubbish as well. This is what GnuPG reports. There is no check if the decryption was successful; it just results in garbage.

After a few tens of tries, I suppose you can actually hit the case where the algorithm identifier is something usable, and GnuPG will probably try to decrypt the data packet with the rubbish it got from the symmetrically encrypted session key packet :).

> and might
> this be used in any way to try attack gnupg by determining the length of
> the passphrase or the correctness of any character in the string ?

This line of reasoning is wrong. You are thinking of a system that knows the passphrase, and through its error messages, leaks data about it. But GnuPG knows as much as you. The security of the system is in the encrypted file, not in the program you use to access that file[1]. If GnuPG gave error messages that leaked data and this problem was fixed, you could simply write your own program that gives leaky error messages to you and use that to crack the key. Obviously it doesn't work that way.

HTH,

Peter.

[1] Actually, DRM borders on exactly this: it gives you everything, but then tries to prevent your use of it. Which is why it has been called Broken By Design.

--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at http://wwwhome.cs.utwente.nl/~lebbing/pubkey.txt
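
Added example, not part of the original message and not GnuPG code: a small Python model of the behaviour described above. It encrypts (cipher octet || session key) under a passphrase-derived key, then opens it with wrong passphrases to show that the first octet is an arbitrary value and that roughly 11 in 256 guesses land on an assigned cipher ID. Assumptions: the SHA-256 counter-mode keystream stands in for OpenPGP's CFB cipher, the salted hash is a simplified S2K, and the function names, passphrases, salt and session key are constructed for illustration.

```python
import hashlib

# Symmetric cipher IDs assigned by RFC 4880 / RFC 5581: 11 of the 256 octet values.
KNOWN_CIPHERS = {1: "IDEA", 2: "3DES", 3: "CAST5", 4: "Blowfish", 7: "AES128",
                 8: "AES192", 9: "AES256", 10: "Twofish", 11: "Camellia128",
                 12: "Camellia192", 13: "Camellia256"}

def s2k(passphrase, salt):
    """Simplified salted S2K (assumption): hash(salt || passphrase)."""
    return hashlib.sha256(salt + passphrase.encode()).digest()

def keystream_xor(key, data):
    """Stand-in stream cipher (SHA-256 in counter mode), NOT OpenPGP's CFB.
    Like unauthenticated CFB, it has no notion of a 'wrong' key."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def make_esk(passphrase, salt, algo_id, session_key):
    """Encrypt (cipher octet || session key) under the passphrase-derived key."""
    return keystream_xor(s2k(passphrase, salt), bytes([algo_id]) + session_key)

def open_esk(passphrase, salt, esk):
    """Decrypt and split. Always 'succeeds', whatever the passphrase."""
    plain = keystream_xor(s2k(passphrase, salt), esk)
    return plain[0], plain[1:]

def survey(salt, esk, tries):
    """Try `tries` wrong passphrases; count first octets that are known cipher IDs."""
    octets = [open_esk(f"wrong-{n}", salt, esk)[0] for n in range(tries)]
    usable = sum(1 for o in octets if o in KNOWN_CIPHERS)
    return usable, len(set(octets))

# Constructed sample values.
SALT = bytes.fromhex("0011223344556677")
SESSION_KEY = bytes(range(32))
ESK = make_esk("correct horse", SALT, 9, SESSION_KEY)

if __name__ == "__main__":
    print("right passphrase ->", KNOWN_CIPHERS[open_esk("correct horse", SALT, ESK)[0]])
    for guess in ("wrong-0", "wrong-1", "wrong-2"):
        algo, _ = open_esk(guess, SALT, ESK)
        print(f"{guess}: cipher octet {algo} ({KNOWN_CIPHERS.get(algo, 'unknown algorithm')})")
    usable, distinct = survey(SALT, ESK, 5000)
    print(f"{usable}/5000 wrong guesses gave a known cipher ID; {distinct} distinct octets")
```

Everything the model reports is computed from the passphrase guess and the stored bytes alone, so the number in an "unknown algorithm" message is something anyone holding the file can derive without GnuPG.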