[kwlug-disc] Using mnemonicode for GPG fingerprints
Chris Frey
cdfrey at foursquare.net
Fri Jul 6 19:55:24 EDT 2012
Yeah, you're right... it's a 64bit issue.
This patch fixes it for me:
diff --git a/mnemonic.h b/mnemonic.h
index 52d7802..ba1d257 100644
--- a/mnemonic.h
+++ b/mnemonic.h
@@ -22,6 +22,8 @@
*/
+#include <stdint.h>
+
#define MN_BASE 1626 /* cubic root of 2^32, rounded u
#define MN_REMAINDER 7 /* extra words for 24 bit remainders */
#define MN_WORDS (MN_BASE+MN_REMAINDER) /* total number of words */
@@ -48,7 +50,7 @@
/* Note that the last format does not fit in a standard 80 character line */
typedef unsigned char mn_byte; /* 8 bit quantity */
-typedef unsigned long mn_word32; /* temporary value, at least 32 bits */
+typedef uint32_t mn_word32; /* temporary value, exactly 32 bits */
/* Range checks assume that mn_index is unsigned (=> can't be <0). --DV */
typedef unsigned int mn_index; /* index into wordlist */
The bug was in the return statement of mn_encode_word_index():
return x % MN_BASE + extra + 1;
where the decimal value of x is different on 32bit vs. 64bit systems
if x is large enough. The hex contents were the same, but the different
int sizes caused the modulus operator to yield a different index.
- Chris
On Fri, Jul 06, 2012 at 06:15:13PM -0400, Bob Jonkman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hmm. I grabbed source from the tree and compiled it last night. I'm
> using a 64-bit version of Ubuntu; could it be a word-size problem?
>
> I see that the translation of the first 8 octets (six mnemonicode
> words) are the same. That's suspiciously close to 64 bits.
>
> I was just reading about the PGP Word List[1] and it seems more robust
> against transposition errors between words, since it uses two lists,
> alternating between two-syllable and three-syllable words. I only
> realized a couple of weeks ago that mmemonicode and the PGP Word List
> aren't the same, nor compatible with each other.
>
> - --Bob.
>
> [1] https://en.wikipedia.org/wiki/PGP_word_list
>
>
>
> On 12-07-06 05:42 PM, Chris Frey wrote:
> > On Fri, Jul 06, 2012 at 02:29:10PM -0400, Bob Jonkman wrote:
> >> $ echo 04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC
> >> E5EA|mnencode -x
> >>
> >> Wordlist ver 0.7 genius version final. alex pablo berlin. cactus
> >> visible pulse dance insect ninja. valery jasmine double
> >
> > My test, using the latest git tree from here:
> >
> > https://github.com/singpolyma/mnemonicode.git
> >
> > Using commit 7a1892563a
> >
> > Gives:
> >
> > $ echo 04F7 742B 8F54 C40A E115 26C2 B912 89B0 D2CC E5EA |
> > ./mnencode -x Wordlist ver 0.7 genius version final. alex pablo
> > berlin. isabel aladdin trivial tunnel lecture heaven. section
> > number plume
> >
> > Which is not the same as yours above.
> >
> > Decoding my results returns the correct fingerprint.
> >
> > So it seems there's a problem with your particular encoder.
> >
> > I'm not sure that mnemonic encoder is an improvement for
> > over-the-phone verification, though. Using something like the
> > phonetic alphabet is probably just as accurate, and doesn't require
> > the receiver to know how to spell all the words you give him. :-)
> >
> > Fortunately, for hex, all we have to memorize are: Alpha, Bravo,
> > Charlie, Delta, Echo, Foxtrot.
> >
> > - Chris
> >
> >
> > _______________________________________________ kwlug-disc mailing
> > list kwlug-disc at kwlug.org
> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Ensure confidentiality, authenticity, non-repudiability
>
> iEYEARECAAYFAk/3Y2oACgkQuRKJsNLM5erZZgCg04JDNAWkGyXjV/yWw5ZDH2Y8
> KCIAoJlTE3wVtykpBZ4nw8UUZrd+gLdm
> =es9K
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
More information about the kwlug-disc
mailing list