Thank you
VanMortel
Doing that is not something that IDEA does. Perhaps a program that uses
IDEA may do that, but how to do that is not part of the standard that
defines IDEA, so any such program can do it in its own way, even a bad
one, and still truthfully claim that it is a program that uses IDEA.
How PGP makes keys from pass phrases is documented, and it does it in a
careful way and does it well.
However, if your password is "Hello", no matter how well the key is made,
as long as someone knows which program you use, he can still try every
word in the dictionary, and he will find the word "Hello" quickly. It is
inherently impossible, if your password does not have very much entropy,
for the key produced from it as a result to have any more entropy - to be
any harder to guess - than the password itself. It may _look_ like 128
bits that are random, but if the intended recipient of your message only
needs to type "Hello" to read it, and the eavesdropper knows which
encryption program you are using (you should assume this: it is one of
Kerchoff's principles) then those 128 bits, no matter how they are made,
are as easy to guess as the word "Hello".
So even if you find your answer, it may not be as useful as you just might
have been hoping.
John Savard
> I want to know how IDEA makes from a simple password like : Hello
> a 128 bits key that is use for the encryption algorithm?
Ages ago, I had the same question; so I looked at the PGP source code
(version 2.3 or something like that). I found that for "conventional"
encryption (the -c option) that PGP uses an MD5 hash of the pass phrase to
use as the key for the symmetric encyption.
I don't think that that is formally part of IDEA.
-j
--
Jeffrey Goldberg http://www.goldmark.org/jeff/
Relativism is the triumph of authority over truth, convention over justice
I rarely read top-posted, over-quoting or HTML postings.
It doesn't. IDEA only speicifes that you pass it a 128-bit string for use.
Tom
"VanMortel" <van_m...@hotmail.com> wrote in message
news:%uN09.191$OK6....@wagner.videotron.net...
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.380 / Virus Database: 213 - Release Date: 24/07/2002