
- *To*: spki@c2.net
- *Subject*: Re: public key algorithm naming
- *From*: Hal Finney <hal@rain.org>
- *Date*: Thu, 12 Mar 1998 10:49:07 -0800
- *Sender*: owner-spki@c2.net

If you don't put the hash algorithm in the key, then if there were a weak hash algorithm, people could forge signatures using that hash. They could take an existing signature and create a structure which hashes to the same value using the weak hash.

The same thing could happen of course if the key had a weak hash algorithm, but probably there are fewer keys than signatures, hence more opportunities to use weak hashes if it is in the signature. Someone can create his key with a strong hash algorithm and be sure that no hash substitutions are possible.

If a hash is discovered to be weak, then either the key holder can replace it in his key, or the verifier can know to ignore signatures with the bad hash. If hashes are in the signatures then only the latter course is available, so there is one less way to recover.

Hal
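The argument in the message above, as an added example that is not part of the original post or of SPKI: a verifier that trusts the hash named in the signature is compared with one that uses only the hash recorded in the key. The toy RSA key, the constructed weak hash `xorfold256`, and all function names are assumptions made for illustration.

```python
import hashlib

# Toy RSA key from two public Mersenne primes, no padding: illustration only.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def xorfold256(data: bytes) -> bytes:
    """Constructed weak hash: XOR of the input's 32-byte blocks."""
    out = bytearray(32)
    for i, b in enumerate(data):
        out[i % 32] ^= b
    return bytes(out)

HASHES = {"sha256": lambda m: hashlib.sha256(m).digest(),
          "xorfold256": xorfold256}

def sign(msg: bytes, hash_name: str) -> dict:
    digest = int.from_bytes(HASHES[hash_name](msg), "big")
    return {"hash": hash_name, "value": pow(digest, D, N)}

def _rsa_ok(msg: bytes, sig: dict, hash_name: str) -> bool:
    digest = int.from_bytes(HASHES[hash_name](msg), "big")
    return pow(sig["value"], E, N) == digest

def verify_hash_in_signature(msg, sig, rejected=()):
    """Uses whatever hash the signature names, unless the verifier
    has been told to ignore it (the only recovery path in this design)."""
    name = sig["hash"]
    return name in HASHES and name not in rejected and _rsa_ok(msg, sig, name)

def verify_hash_in_key(msg, sig, key_hash="sha256"):
    """Uses only the hash recorded in the key; the signature cannot override it."""
    return sig["hash"] == key_hash and _rsa_ok(msg, sig, key_hash)

def substitute(sig: dict, original: bytes, new_text: bytes):
    """Test fixture: reuse an existing signature value on a second message
    whose weak hash equals the sha256 digest that was actually signed."""
    target = hashlib.sha256(original).digest()
    body = new_text.ljust(-(-len(new_text) // 32) * 32, b" ")  # pad to 32n
    fix = bytes(a ^ b for a, b in zip(xorfold256(body), target))
    return body + fix, {"hash": "xorfold256", "value": sig["value"]}
```

The substituted message passes `verify_hash_in_signature` until the verifier adds `xorfold256` to `rejected`, while `verify_hash_in_key` rejects it from the start.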

- **Re: public key algorithm naming** *From*: "Angelos D. Keromytis" <angelos@dsl.cis.upenn.edu>
- **Re: public key algorithm naming** *From*: Carl Ellison <cme@cybercash.com>
