
- *To*: Carl Ellison <cme@cybercash.com>
- *Subject*: Re: rsa public keys
- *From*: Markku-Juhani Saarinen <mjos@ssh.fi>
- *Date*: Tue, 5 Aug 1997 17:55:00 +0300 (EET DST)
- *Cc*: spki@c2.net, burt@rsa.com
- *In-Reply-To*: <3.0.3.32.19970805095122.00be5e00@cybercash.com>

> >The level of security would decrease as we could not be sure what
> >input formatting was used. It really doesn't matter if we can't be sure
> >what hash function was used, because the chance of sha1 <-> md5
> >collisions ( i.e. having x and y so that md5(x) = sha1(y) ) is minimal.
>
> Exactly my thinking, when Burt set me straight. That's like forgetting your
> trivial e examples and assuming the choice is between e=3 and e=65537.
> Eve can invent a stupid hash function.

I don't quite believe in that analogy. If Eve could install a weak hash function into my SPKI implementation, my security would be lost anyhow. Using weak exponents is a lot easier -- just issue signatures that use them.

If you're worried about the cryptographic quality of our hash functions, the "rsa-format-hash" scheme does not help much. I could still have weak links in my certificate chains (as everybody I trust might not know that algorithm XXX has been broken).

We could define an "authority to judge the quality of a cryptographic component". That authority could be delegated to CERT, for example.

\- Markku-Juhani O. Saarinen <mjos@ssh.fi>
