[kwlug-disc] Using mnemonicode for GPG fingerprints

Chris Frey cdfrey at foursquare.net
Fri Jul 6 19:55:24 EDT 2012


Yeah, you're right... it's a 64bit issue.

This patch fixes it for me:

diff --git a/mnemonic.h b/mnemonic.h
index 52d7802..ba1d257 100644
--- a/mnemonic.h
+++ b/mnemonic.h
@@ -22,6 +22,8 @@
 
 */
 
+#include <stdint.h>
+
 #define MN_BASE                1626            /* cubic root of 2^32, rounded u
 #define MN_REMAINDER   7               /* extra words for 24 bit remainders */
 #define MN_WORDS (MN_BASE+MN_REMAINDER)        /* total number of words */
@@ -48,7 +50,7 @@
 /* Note that the last format does not fit in a standard 80 character line */
 
 typedef unsigned char mn_byte;         /* 8 bit quantity */
-typedef unsigned long mn_word32;       /* temporary value, at least 32 bits */
+typedef uint32_t mn_word32;    /* temporary value, exactly 32 bits */
 /* Range checks assume that mn_index is unsigned (=> can't be <0).  --DV */
 typedef unsigned int mn_index;         /* index into wordlist */
 


The bug was in the return statement of mn_encode_word_index():

	return x % MN_BASE + extra + 1;

where the decimal value of x is different on 32bit vs. 64bit systems
if x is large enough.  The hex contents were the same, but the different
int sizes caused the modulus operator to yield a different index.

- Chris


On Fri, Jul 06, 2012 at 06:15:13PM -0400, Bob Jonkman wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hmm.  I grabbed source from the tree and compiled it last night.  I'm
> using a 64-bit version of Ubuntu; could it be a word-size problem?
> 
> I see that the translation of the first 8 octets (six mnemonicode
> words) are the same.  That's suspiciously close to 64 bits.
> 
> I was just reading about the PGP Word List[1] and it seems more robust
> against transposition errors between words, since it uses two lists,
> alternating between two-syllable and three-syllable words.  I only
> realized a couple of weeks ago that mmemonicode and the PGP Word List
> aren't the same, nor compatible with each other.
> 
> - --Bob.
> 
> [1] https://en.wikipedia.org/wiki/PGP_word_list
> 
> 
> 
> On 12-07-06 05:42 PM, Chris Frey wrote:
> > On Fri, Jul 06, 2012 at 02:29:10PM -0400, Bob Jonkman wrote:
> >> $ echo 04F7 742B 8F54 C40A E115  26C2 B912 89B0 D2CC
> >> E5EA|mnencode -x
> >> 
> >> Wordlist ver 0.7 genius version final. alex pablo berlin. cactus
> >> visible pulse dance insect ninja. valery jasmine double
> > 
> > My test, using the latest git tree from here:
> > 
> > https://github.com/singpolyma/mnemonicode.git
> > 
> > Using commit 7a1892563a
> > 
> > Gives:
> > 
> > $ echo 04F7 742B 8F54 C40A E115  26C2 B912 89B0 D2CC E5EA |
> > ./mnencode -x Wordlist ver 0.7 genius version final. alex pablo
> > berlin. isabel aladdin trivial tunnel lecture heaven. section
> > number plume
> > 
> > Which is not the same as yours above.
> > 
> > Decoding my results returns the correct fingerprint.
> > 
> > So it seems there's a problem with your particular encoder.
> > 
> > I'm not sure that mnemonic encoder is an improvement for
> > over-the-phone verification, though.  Using something like the
> > phonetic alphabet is probably just as accurate, and doesn't require
> > the receiver to know how to spell all the words you give him. :-)
> > 
> > Fortunately, for hex, all we have to memorize are: Alpha, Bravo,
> > Charlie, Delta, Echo, Foxtrot.
> > 
> > - Chris
> > 
> > 
> > _______________________________________________ kwlug-disc mailing
> > list kwlug-disc at kwlug.org 
> > http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> > 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.11 (GNU/Linux)
> Comment: Ensure confidentiality, authenticity, non-repudiability
> 
> iEYEARECAAYFAk/3Y2oACgkQuRKJsNLM5erZZgCg04JDNAWkGyXjV/yWw5ZDH2Y8
> KCIAoJlTE3wVtykpBZ4nw8UUZrd+gLdm
> =es9K
> -----END PGP SIGNATURE-----
> 
> _______________________________________________
> kwlug-disc mailing list
> kwlug-disc at kwlug.org
> http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org



More information about the kwlug-disc mailing list