
Re: public key algorithm naming



-----BEGIN PGP SIGNED MESSAGE-----

At 10:49 AM 3/12/98 -0800, Hal Finney wrote:
>If you don't put the hash algorithm in the key, then if there were a
>weak hash algorithm, people could forge signatures using that hash.
>They could take an existing signature and create a structure which hashes
>to the same value using the weak hash.
>
>The same thing could happen of course if the key had a weak hash
>algorithm, but probably there are fewer keys than signatures, hence more
>opportunities to use weak hashes if it is in the signature.  Someone can
>create his key with a strong hash algorithm and be sure that no hash
>substitutions are possible.
>
>If a hash is discovered to be weak, then either the key holder can replace
>it in his key, or the verifier can know to ignore signatures with the
>bad hash.  If hashes are in the signatures then only the latter course
>is available, so there is one less way to recover.

Hal,

	I believe that all 3 of the options I listed (I), (II) and (III)
prevent someone sneaking up with a weak hash algorithm and faking a claim
of signature on a document of their choice.  It's just that in (II) and
(III), there's an additional structure involved.

Next time I get to my LINUX machine, I'll generate examples of the three
ways and post them.

 - Carl



+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
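
An added example, not part of the original message and not one of the three options (I), (II), (III) referred to above: a sketch of the arrangement Hal describes, where the hash algorithm is named in the key and the verifier can also ignore signatures that use a hash it considers bad. The toy RSA parameters, the record layout and the names sign, verify and REVOKED_HASHES are assumptions made for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes; illustration only,
# far too small and unpadded for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)

# Hypothetical verifier-side policy: hashes this verifier no longer accepts.
REVOKED_HASHES = {"sha1"}

def digest_int(hash_name, message):
    """Hash the message and reduce it into the toy modulus."""
    return int.from_bytes(hashlib.new(hash_name, message).digest(), "big") % N

def sign(key, message):
    """Signer side: always uses the hash algorithm named in the key."""
    h = key["hash"]
    return {"hash": h, "value": pow(digest_int(h, message), D, N)}

def verify(key, message, sig):
    """Return (ok, reason). Policy checks run before any hashing is done."""
    # The key, not the signature, decides which hash is acceptable, so a
    # signature relabelled with a different hash is refused outright.
    if sig["hash"] != key["hash"]:
        return False, "hash not the one pinned in the key"
    # Second recovery path: the verifier ignores a hash it knows to be bad,
    # even when the key holder has not yet replaced it in the key.
    if key["hash"] in REVOKED_HASHES:
        return False, "pinned hash is revoked by verifier"
    ok = pow(sig["value"], E, N) == digest_int(key["hash"], message)
    return ok, "valid" if ok else "bad signature"

def demo():
    """Run the four cases on constructed keys and messages."""
    key = {"owner": "alice (constructed)", "hash": "sha256"}
    old_key = {"owner": "bob (constructed)", "hash": "sha1"}
    msg = b"pay 10 dollars"
    sig = sign(key, msg)
    return [
        verify(key, msg, sig),                         # honest signature
        verify(key, msg, dict(sig, hash="sha1")),      # hash substituted
        verify(old_key, msg, sign(old_key, msg)),      # key pins revoked hash
        verify(key, b"pay 1000 dollars", sig),         # message altered
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```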
