[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: rsa public keys
> >The level of security would decrease as we could not be sure what
> >input formatting was used. It really doesn't matter if we can't be sure
> >what hash function was used, because the chance of sha1 <-> md5
> >collisions ( i.e. having x and y so that md5(x) = sha1(y) ) is minimal.
> Exactly my thinking, when Burt set me straight. That's like forgetting your
> trivial e examples and assuming the choice is between e=3 and e=65537.
> Eve can invent a stupid hash function.
I don't quite believe in that analogy. If Eve could install a weak
hash function into my SPKI implementation, my security would be lost
anyhow. Using weak exponents is a lot easier -- just issue signatures that
If you're worried about the cryptographic quality of our hash functions,
the "rsa-format-hash" scheme does not help much. I could still have weak
links in my certificate chains (as everybody I trust might not know that
algorithm XXX has been broken).
We could define an "authority to judge the quality of a cryptographic
component". That authority could be delegated to CERT, for example.
- Markku-Juhani O. Saarinen <email@example.com>