[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: uses of MD5 hashes

To: spki@c2.net
Subject: Re: uses of MD5 hashes
From: Michael Richardson <mcr@sandelman.ottawa.on.ca>
Date: Tue, 18 Nov 1997 05:29:24 -0500
In-Reply-To: Your message of "Mon, 17 Nov 1997 00:52:05 EST." <3.0.3.32.19971117005205.009f15b0@cybercash.com>
Sender: owner-spki@c2.net

-----BEGIN PGP SIGNED MESSAGE-----

>>>>> "Carl" == Carl Ellison <cme@cybercash.com> writes:
    Carl> I'm sorry you got that impression.  We assumed sha1 from the
    Carl> start.  I'll have to scan the draft now to see what gave the
    Carl> impression that it wasn't defined.

    Carl> My examples all used MD5 because I didn't have sha1 code
    Carl> available in my library at the time I generated the
    Carl> examples.

  Perhaps because of the examples.

    Carl> BTW, the deadbeef attack was not a hash attack.  PGP's keyid
    Carl> was the low bits of the public key.

  I was not referring to any specific attack, but rather was just
making up some not-so-random hex digits.

    Carl> I don't know how to work a secret key into our signatures --
    Carl> or does your reading suggest that a non-secret key makes
    Carl> keyed hashes stronger?  (likely, but I haven't seen anything
    Carl> written on the subject)

  I'm not talking about keyed hashing. Rather non-keyed.
  My impression is that a SPKI implementation is going to want to hash
many of the sexp's that it sees. (do hash md5) makes it explicit, but
there are many keys that are referenced by (hash md5 #abcd1234#) that
are assumed to be local.
  Now, if I have to build a btree or some structure to map hashes to 
objects on some way, I'd prefer to build just a single btree.

    Carl> We worry about having a single hash definition.  What
    Carl> happens when the chosen algorithm falters?

  If there is any worry about MD5 as an identity hash function, then
let's use SHA1 from the beginning. If SHA1 fails *as an identity*
function, then we need to chose another hash, agreed. But, I'll need
new code to support it as well.

    >> REMEMBER THIS IS NOT KEYED HASHING.

    Carl> Ah.

]     Where's the sun? Oh there you are. Aren't you late today? | one quark   [
]   Michael Richardson, Sandelman Software Works, Ottawa, ON    | two quark   [
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy");  [

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: latin1
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface

iQB1AwUBNHFuAMmxxiPyUBAxAQH7YwL/dOlD9Zo35UwE3DytH1MywmAwtgk3IB0G
i2lzd7wwiIT6C/7br1q19hxO8Pb8YmyU2KPWU9DdvV9sTNf/NWzdRiUqUNLfyiRE
lQQibSB4lpAWVy2lf62I//MsbQV6ihqQ
=oVAv
-----END PGP SIGNATURE-----

Follow-Ups:

Re: uses of MD5 hashes

From: Carl Ellison <cme@cybercash.com>

References:

Re: uses of MD5 hashes

From: Carl Ellison <cme@cybercash.com>

Prev by Date: Re: matter of semantics
Next by Date: Re: threshold subjects
Prev by thread: Re: uses of MD5 hashes
Next by thread: Re: uses of MD5 hashes
Index(es):
- Main
- Thread