[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: public key algorithm naming
-----BEGIN PGP SIGNED MESSAGE-----
To: Hal Finney <email@example.com>
Subject: Re: public key algorithm naming
Date: 03/12/98, 16:00:29
In message <199803121849.KAA08196@s20.term1.sb.rain.org>, Hal Finney writes:
>If you don't put the hash algorithm in the key, then if there were a
>weak hash algorithm, people could forge signatures using that hash.
>They could take an existing signature and create a structure which hashes
>to the same value using the weak hash.
And how is that different from putting the hash algorithm name in the
signature ? Which is where it belongs anyway, since that's where the
algorithm is used ?
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.4, an Emacs/PGP interface
-----END PGP SIGNATURE-----