
- *To*: Hal Finney <hal@rain.org>
- *Subject*: Re: public key algorithm naming
- *From*: Carl Ellison <cme@cybercash.com>
- *Date*: Thu, 12 Mar 1998 16:14:06 -0500
- *Cc*: spki@c2.net
- *In-Reply-To*: <199803121849.KAA08196@s20.term1.sb.rain.org>
- *Sender*: owner-spki@c2.net

At 10:49 AM 3/12/98 -0800, Hal Finney wrote:
>If you don't put the hash algorithm in the key, then if there were a
>weak hash algorithm, people could forge signatures using that hash.
>They could take an existing signature and create a structure which hashes
>to the same value using the weak hash.
>
>The same thing could happen of course if the key had a weak hash
>algorithm, but probably there are fewer keys than signatures, hence more
>opportunities to use weak hashes if it is in the signature. Someone can
>create his key with a strong hash algorithm and be sure that no hash
>substitutions are possible.
>
>If a hash is discovered to be weak, then either the key holder can replace
>it in his key, or the verifier can know to ignore signatures with the
>bad hash. If hashes are in the signatures then only the latter course
>is available, so there is one less way to recover.

Hal,

I believe that all 3 of the options I listed (I), (II) and (III) prevent someone sneaking up with a weak hash algorithm and faking a claim of signature on a document of their choice. It's just that in (II) and (III), there's an additional structure involved.

Next time I get to my LINUX machine, I'll generate examples of the three ways and post them.

- Carl

+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com  http://www.clark.net/pub/cme  |
|CyberCash, Inc.  http://www.cybercash.com/                        |
|207 Grindall Street  PGP 08FF BA05 599B 49D2 23C6 6FFD 36BA D342  |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
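Added example, not part of the original message or of SPKI: a toy verifier showing the hash-substitution concern raised in the quoted text, and the check that a key-bound hash makes possible. The RSA key, the `xor256` stand-in for a broken hash and every function name are constructed for illustration; options (I) to (III) are not given on this page, so the code does not model them.

```python
import hashlib

# Constructed toy key: unpadded "textbook" RSA over two Mersenne primes.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def xor256(data: bytes) -> bytes:
    """Constructed stand-in for a broken hash: XOR of 32-byte blocks."""
    data += b"\0" * (-len(data) % 32)
    acc = 0
    for i in range(0, len(data), 32):
        acc ^= int.from_bytes(data[i:i + 32], "big")
    return acc.to_bytes(32, "big")

HASHES = {"sha256": lambda m: hashlib.sha256(m).digest(), "xor256": xor256}

def digest_int(alg: str, msg: bytes) -> int:
    return int.from_bytes(HASHES[alg](msg), "big")

def sign(msg: bytes, alg: str) -> dict:
    # The hash name travels beside the value and is not covered by it.
    return {"alg": alg, "value": pow(digest_int(alg, msg), D, N)}

def verify_alg_from_signature(msg: bytes, sig: dict) -> bool:
    """Verifier that believes whatever hash name the signature carries."""
    return pow(sig["value"], E, N) == digest_int(sig["alg"], msg)

def verify_alg_from_key(msg: bytes, sig: dict, key_alg: str = "sha256") -> bool:
    """Verifier for a key that names its hash: other labels are refused."""
    return sig["alg"] == key_alg and verify_alg_from_signature(msg, sig)

def substitute_weak_hash(sig: dict, new_msg: bytes):
    """The substitution described in the quoted text: keep the signature value,
    relabel it with the weak hash, and build a structure with the same digest."""
    target = pow(sig["value"], E, N)  # digest the genuine signature commits to
    padded = new_msg + b"\0" * (-len(new_msg) % 32)
    fix = digest_int("xor256", padded) ^ target
    return padded + fix.to_bytes(32, "big"), {"alg": "xor256", "value": sig["value"]}

if __name__ == "__main__":
    genuine = sign(b"pay Bob 10", "sha256")  # constructed sample message
    doc, relabelled = substitute_weak_hash(genuine, b"pay Mallory 9999")
    print("hash taken from signature:", verify_alg_from_signature(doc, relabelled))
    print("hash taken from key:      ", verify_alg_from_key(doc, relabelled))
```
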

**Re: public key algorithm naming**, *From*: Hal Finney <hal@rain.org>
