[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: rsa public keys

> >The level of security would decrease as we could not be sure what
> >input formatting was used. It really doesn't matter if we can't be sure
> >what hash function was used, because the chance of sha1 <-> md5
> >collisions ( i.e. having x and y so that  md5(x) = sha1(y) ) is minimal.
> Exactly my thinking, when Burt set me straight.  That's like forgetting your 
> trivial e examples and assuming the choice is between e=3 and e=65537.  
> Eve can invent a stupid hash function.

I don't quite believe in that analogy. If Eve could install a weak
hash function into my SPKI implementation, my security would be lost
anyhow. Using weak exponents is a lot easier -- just issue signatures that
use them.

If you're worried about the cryptographic quality of our hash functions, 
the "rsa-format-hash" scheme does not help much. I could still have weak
links in my certificate chains (as everybody I trust might not know that
algorithm XXX has been broken).

We could define an "authority to judge the quality of a cryptographic
component". That authority could be delegated to CERT, for example.

- Markku-Juhani O. Saarinen <mjos@ssh.fi>

Follow-Ups: References: