From 58977c73c73c27b1a5d1b994e9b9856e9fe51d03 Mon Sep 17 00:00:00 2001
From: "http://phil.0x539.de/" <Philipp_Kern@web>
Date: Tue, 5 Mar 2013 07:17:08 +0000
Subject: [PATCH] Added a comment

---
 .../comment_4_8ec86b8c35bce15337a143e275961cd5._comment   | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100644 doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment

diff --git a/doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment b/doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment
new file mode 100644
index 0000000000..ba5be68d4a
--- /dev/null
+++ b/doc/bugs/encryption_key_is_surprising/comment_4_8ec86b8c35bce15337a143e275961cd5._comment
@@ -0,0 +1,8 @@
+[[!comment format=mdwn
+ username="http://phil.0x539.de/"
+ nickname="Philipp Kern"
+ subject="comment 4"
+ date="2013-03-05T07:17:08Z"
+ content="""
+You (presumably) hand over 320 bytes of entropy to GPG, but you don't control the encryption key directly. GPG assumes that what it's given as a symmetric key is not at all random. Hence, with the default options (for OpenPGP interop, apparently) it will derive a 128 bit from the given passphrase. For this it uses (again, by default) salted SHA1 on the whole passphrase. So the strength of the cipher is 128 bit CAST5 or an attack on salted SHA1 with a mostly known input length (but this does seem large).
+"""]]