[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: rsa public keys
-----BEGIN PGP SIGNED MESSAGE-----
At 05:55 PM 8/5/97 +0300, Markku-Juhani Saarinen wrote:
>> Exactly my thinking, when Burt set me straight. That's like forgetting your
>> trivial e examples and assuming the choice is between e=3 and e=65537.
>> Eve can invent a stupid hash function.
>
>I don't quite believe in that analogy. If Eve could install a weak
>hash function into my SPKI implementation, my security would be lost
>anyhow. Using weak exponents is a lot easier -- just issue signatures that
>use them.
We should probably take this off-list, since it feels like a debate which won't
end.
The issue isn't installing a weak hash in *your* implementation, but Eve's
producing her own implementation with the weak hash, which together with
diddled signatures lets her take something to court to demonstrate a claim or
make trouble. That possibility is eliminated when we designate the hash
as part of the key.
- Carl
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.0
Charset: noconv
iQCVAwUBM+dEEVQXJENzYr45AQHjIAP/f9KVnQf7TbWATlfpuQrc+ENyy6rL3NGT
fEMDuhMvHO3FHzh3GAChMaH/2cRwYxEDwDYoU5sJ1XQB6MJDBmGpfk9WgJ6ipCYn
OrU1tvnEQd6kP5o1nwhkmj5Tq0STybfvAKrD8Nz/ZG/btUETWwrAH8uCW8Sljhs0
2wAlta+m2vk=
=6woZ
-----END PGP SIGNATURE-----
+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+
References: