Re: How to tell if gpg patch is working

[Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx>]

Phil H wrote:
> I applied the patch to gpg source and compiled as
> recommended in the loop-AES.README.  Appears to work
> ok.
> 
> Is there any easy way to tell if iteration actually
> has been "slowed down by 128 times" ie that the
> patched gpgp is working as it should?

If you decrypt a file that was encrypted using symmetric cipher only using
unpatched gpg, then debug output says count 96

$ gpg --decrypt -v -v <symmetric-encrypted-file.gpg >/dev/null
                ^^^^^

:symkey enc packet: version 4, cipher 7, s2k 3, hash 2
        salt 9e5efa02e79f57ff, count 96
                               ^^^^^^^^        

But a file created using patched gpg says count 208

:symkey enc packet: version 4, cipher 9, s2k 3, hash 2
        salt b412e8ba16e3ece9, count 208
                               ^^^^^^^^^        
        
The salt is always unique for each file.

The important point is to *create* the key file using patched version. Both
unpatched and patched versions can decrypt the file by adapting to the count
that was recorded to gpg-encrypted file header.

Just in case you are wondering why those test key files used by loop-AES
"make tests" are encrypted using (unpatched) count 96. That is because of
speed. I wan't that script to run fast even on older hardware.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/