Re: uses of MD5 hashes
>>>>> "Carl" == Carl Ellison <email@example.com> writes:
Carl> I'm sorry you got that impression. We assumed sha1 from the
Carl> start. I'll have to scan the draft now to see what gave the
Carl> impression that it wasn't defined.
Carl> My examples all used MD5 because I didn't have sha1 code
Carl> available in my library at the time I generated the
Perhaps because of the examples.
Carl> BTW, the deadbeef attack was not a hash attack. PGP's keyid
Carl> was the low bits of the public key.
I was not referring to any specific attack, but rather was just
making up some not-so-random hex digits.
Carl> I don't know how to work a secret key into our signatures --
Carl> or does your reading suggest that a non-secret key makes
Carl> keyed hashes stronger? (likely, but I haven't seen anything
Carl> written on the subject)
I'm not talking about keyed hashing. Rather non-keyed.
My impression is that a SPKI implementation is going to want to hash
many of the sexp's that it sees. (do hash md5) makes it explicit, but
there are many keys that are referenced by (hash md5 #abcd1234#) that
are assumed to be local.
Now, if I have to build a btree or some structure to map hashes to
objects in some way, I'd prefer to build just a single btree.
Carl> We worry about having a single hash definition. What
Carl> happens when the chosen algorithm falters?
If there is any worry about MD5 as an identity hash function, then
let's use SHA1 from the beginning. If SHA1 fails *as an identity*
function, then we need to choose another hash, agreed. But, I'll need
new code to support it as well.
>> REMEMBER THIS IS NOT KEYED HASHING.
] Where's the sun? Oh there you are. Aren't you late today? | one quark [
] Michael Richardson, Sandelman Software Works, Ottawa, ON | two quark [
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ | red q blue q[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
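The single-index idea from the message above, as an added example that is not from the original thread nor from any SPKI implementation: one map keyed by (algorithm, digest) that resolves both `(hash md5 ...)` and `(hash sha1 ...)` references to the same local object, so a second algorithm can be added without a second tree. The canonical encoding follows the SPKI draft's `<len>:<bytes>` form; the key object, the algorithm table and the helper names are constructed for the example.

```python
import hashlib

# Identity-hash algorithms this index knows, keyed by the name that appears
# inside a (hash <alg> |digest|) reference.  Constructed for this example.
ALGORITHMS = {"md5": hashlib.md5, "sha1": hashlib.sha1}


def canonical(sexp):
    """SPKI canonical encoding: byte strings as <len>:<bytes>, lists in parens."""
    if isinstance(sexp, bytes):
        return str(len(sexp)).encode() + b":" + sexp
    return b"(" + b"".join(canonical(item) for item in sexp) + b")"


def identity_hash(obj, alg):
    """Digest of the canonical encoding under the named algorithm."""
    return ALGORITHMS[alg](canonical(obj)).digest()


class ObjectIndex:
    """One index for every hashed object, whichever algorithm a reference names."""

    def __init__(self):
        self._by_hash = {}  # (alg, digest) -> object

    def add(self, obj):
        # Store the object under every supported algorithm, so either form of
        # reference resolves and a newly added algorithm needs no second index.
        for alg in ALGORITHMS:
            self._by_hash[(alg, identity_hash(obj, alg))] = obj

    def resolve(self, ref):
        """ref is a parsed (hash <alg> <digest>) sexp; returns the object or None."""
        if not (isinstance(ref, list) and len(ref) == 3 and ref[0] == b"hash"):
            raise ValueError("not a hash reference")
        alg = ref[1].decode("ascii")
        if alg not in ALGORITHMS:
            return None  # algorithm not supported locally
        return self._by_hash.get((alg, ref[2]))


# Constructed sample object: a (public-key ...) sexp with made-up parameters.
KEY = [b"public-key", [b"rsa-pkcs1-md5", [b"e", b"\x01\x00\x01"], [b"n", b"\x00\xc0\xff\xee"]]]

if __name__ == "__main__":
    index = ObjectIndex()
    index.add(KEY)
    for alg in ALGORITHMS:
        ref = [b"hash", alg.encode(), identity_hash(KEY, alg)]
        print(alg, index.resolve(ref) is KEY)
```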