gcry_cipher_setkey(h,k,l)
Timo Schulz
twoaday@freakmail.de
Mon, 22 Apr 2002 21:59:17 +0200
On Mon Apr 22 2002; 21:36, Rüdiger Sonderfeld wrote:
> > crack the passphrase with a dictionary attack. Then he could decrypt
> > the encrypted session key...
>
> I meant the encrypted session key because it is crypted with a too
> short key (the MD5 sum)
That's right, the secret (256 bits) would be protected by a {160,128}-bit
SHA/RMD160/MD5 key. But if you read some protocol specifications, for
example RFC2440, you'll see they use the same procedure for symmetric
encryption.
Timo