RFC Errata
RFC 4880, "OpenPGP Message Format", November 2007
Note: This RFC has been obsoleted by RFC 9580
Note: This RFC has been updated by RFC 5581
Source of RFC: openpgp (sec)
Errata ID: 2198
Status: Rejected
Type: Technical
Publication Format(s) : TEXT
Reported By: Constantin Hagemeier
Date Reported: 2010-04-28
Rejected by: Sean Turner
Date Rejected: 2010-07-20
Section 3.7.1.3. says:
Initially, one or more hash contexts are set up as with the other S2K algorithms, depending on how many octets of key data are needed. Then the salt, followed by the passphrase data, is repeatedly hashed until the number of octets specified by the octet count has been hashed.
It should say:
Initially, one or more hash contexts are set up as with the other S2K algorithms, depending on how many octets of key data are needed. Then the concatenation of salt and passphrase data is repeated sufficiently often and concatenated. The concatenation is truncated to the number of octets specified by the octet count. The truncated concatenation is hashed.
Notes:
Did I get it right? If not, clearify it.
There are a lot of interpretations of the fuzzy instruction.
E.g. it could be repeat{data:=truncate(concatenate(hash(data)))} until
the octet count is exceeded. And it is still unclear weather you have to
count for each hash context separately and weather you have to count the
preloads, too.
--VERIFIER NOTES--
Submitter does not even know if the erratum is correct.