
Re: uses of MD5 hashes


>>>>> "Carl" == Carl Ellison <cme@cybercash.com> writes:
    Carl> I'm sorry you got that impression.  We assumed sha1 from the
    Carl> start.  I'll have to scan the draft now to see what gave the
    Carl> impression that it wasn't defined.

    Carl> My examples all used MD5 because I didn't have sha1 code
    Carl> available in my library at the time I generated the
    Carl> examples.

  Perhaps because of the examples.

    Carl> BTW, the deadbeef attack was not a hash attack.  PGP's keyid
    Carl> was the low bits of the public key.

  I was not referring to any specific attack, but rather was just
making up some not-so-random hex digits.

    Carl> I don't know how to work a secret key into our signatures --
    Carl> or does your reading suggest that a non-secret key makes
    Carl> keyed hashes stronger?  (likely, but I haven't seen anything
    Carl> written on the subject)

  I'm not talking about keyed hashing. Rather non-keyed.
  My impression is that a SPKI implementation is going to want to hash
many of the sexp's that it sees. (do hash md5) makes it explicit, but
there are many keys that are referenced by (hash md5 #abcd1234#) that
are assumed to be local.
  Now, if I have to build a btree or some structure to map hashes to
objects in some way, I'd prefer to build just a single btree.

    Carl> We worry about having a single hash definition.  What
    Carl> happens when the chosen algorithm falters?

  If there is any worry about MD5 as an identity hash function, then
let's use SHA1 from the beginning. If SHA1 fails *as an identity*
function, then we need to choose another hash, agreed. But I'll need
new code to support it as well.


    Carl> Ah.

]     Where's the sun? Oh there you are. Aren't you late today? | one quark   [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    | two quark   [
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [
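The design point argued in this message (hash every S-expression an implementation sees with one algorithm, and keep a single table from digest to object) can be shown concretely. The following is an added example written for this page, not code from the SPKI drafts or from either correspondent. It assumes the SPKI canonical S-expression encoding (`<length>:<bytes>` atoms inside parentheses) and the display form `(hash <alg> #<hex>#)` used in the message; the object index, the `HashIndex` class and the sample key are constructed for illustration. The index is keyed by `(algorithm, digest)` so that a reference naming a different algorithm, such as an old `md5` one, simply fails to resolve rather than silently matching, which is the migration cost the message is pointing at.

```python
import hashlib
import re
from typing import Dict, List, Optional, Tuple, Union

SExp = Union[bytes, str, List["SExp"]]

# Canonical S-expression encoding (assumption: SPKI/SDSI "len:bytes" form).
# Hashing the canonical bytes, not the display form, keeps the digest stable
# across whitespace and hex/base64 presentation differences.
def canonical(sexp: SExp) -> bytes:
    if isinstance(sexp, str):
        sexp = sexp.encode()
    if isinstance(sexp, bytes):
        return b"%d:%s" % (len(sexp), sexp)
    return b"(" + b"".join(canonical(x) for x in sexp) + b")"

def object_hash(sexp: SExp, alg: str = "sha1") -> bytes:
    # hashlib.new raises ValueError for an algorithm it does not know,
    # which is the right failure when a reference names an unsupported hash.
    return hashlib.new(alg, canonical(sexp)).digest()

# Display form reference, e.g. "(hash sha1 #abcd1234#)" (hypothetical digest).
_REF = re.compile(r"^\(hash\s+([A-Za-z0-9-]+)\s+#([0-9a-fA-F]+)#\)$")

def parse_hash_ref(text: str) -> Tuple[str, bytes]:
    m = _REF.match(text.strip())
    if not m:
        raise ValueError("not a (hash <alg> #hex#) reference: %r" % text)
    return m.group(1).lower(), bytes.fromhex(m.group(2))

class HashIndex:
    """Single table mapping (algorithm, digest) -> object.

    One structure serves every reference the implementation sees; the
    algorithm name is part of the key so two hash functions can coexist
    during a migration without a digest from one being mistaken for the other.
    """
    def __init__(self) -> None:
        self._table: Dict[Tuple[str, bytes], SExp] = {}

    def add(self, sexp: SExp, alg: str = "sha1") -> bytes:
        digest = object_hash(sexp, alg)
        self._table[(alg, digest)] = sexp
        return digest

    def resolve(self, ref: str) -> Optional[SExp]:
        alg, digest = parse_hash_ref(ref)
        return self._table.get((alg, digest))

    def __len__(self) -> int:
        return len(self._table)

# Constructed sample key (not a real key; tiny values for illustration only).
SAMPLE_KEY: SExp = ["public-key", ["rsa-pkcs1-md5", ["e", b"\x03"], ["n", b"\x01\x02"]]]

def demo() -> Tuple[bool, bool]:
    idx = HashIndex()
    d = idx.add(SAMPLE_KEY)                       # indexed under sha1 only
    found = idx.resolve("(hash sha1 #%s#)" % d.hex()) is SAMPLE_KEY
    # An md5 reference to the same object does not resolve: the object was
    # never indexed under md5, so a second table (or re-indexing) would be needed.
    md5_ref = "(hash md5 #%s#)" % object_hash(SAMPLE_KEY, "md5").hex()
    stale = idx.resolve(md5_ref) is None
    return found, stale

if __name__ == "__main__":
    print(canonical(SAMPLE_KEY))
    print(demo())
```

Running the block prints the canonical bytes of the sample key and `(True, True)`: the SHA1 reference resolves to the indexed object, and the MD5 reference to the very same object does not, because nothing was ever indexed under that algorithm.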


