Re: public key algorithm naming
> In message <199803121849.KAA08196@s20.term1.sb.rain.org>, Hal Finney writes:
> >If you don't put the hash algorithm in the key, then if there were a
> >weak hash algorithm, people could forge signatures using that hash.
> >They could take an existing signature and create a structure which hashes
> >to the same value using the weak hash.
>
> And how is that different from putting the hash algorithm name in the
> signature? Which is where it belongs anyway, since that's where the
> algorithm is used?
> -Angelos
IMO, the hash algorithm you use to sign is as important a part of "you"
as your key parameters are. It serves to define you as much as anything,
in the digital world, where everything comes from signatures. Listing
your hash algorithm beside your key parameters gives it this important
meaning - since keys get signed as parts of certificates and are also
listed in ACLs. The way I see it, a signature from someone with your
same key parameters but using a different hash function is not you.
Matt
--
Matt Fredette
fredette@bbnplanet.com, fredette@mit.edu, fredette@theory.lcs.mit.edu
http://mit.edu/fredette/www
"The first time the Rolling Stones played, three people came."
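Added example, not part of the original message or thread: the scenario in Hal Finney's quoted paragraph, run against a verifier that accepts whatever hash name arrives with a signature and against one that enforces the hash listed with the key. The toy RSA key, the `xorfold` weak hash, the sample message and all function names are constructed assumptions, and the algorithm name here is not covered by the signature itself.

```python
import hashlib

# Constructed toy RSA key: two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def xorfold(data: bytes) -> bytes:
    """Hypothetical weak hash: XOR of 32-byte blocks (zero-padded)."""
    out = bytearray(32)
    for i, b in enumerate(data):
        out[i % 32] ^= b
    return bytes(out)

HASHES = {"sha256": lambda m: hashlib.sha256(m).digest(), "xorfold": xorfold}

def _encode(msg: bytes, alg: str) -> int:
    # Textbook RSA on the bare digest; the algorithm name is NOT covered.
    return int.from_bytes(HASHES[alg](msg), "big") % N

def sign(msg: bytes, alg: str) -> int:
    return pow(_encode(msg, alg), D, N)

def verify_unpinned(msg: bytes, sig: int, alg: str) -> bool:
    """Verifier trusts whatever hash name accompanies the signature."""
    return pow(sig, E, N) == _encode(msg, alg)

def verify_pinned(msg: bytes, sig: int, alg: str, key_alg: str = "sha256") -> bool:
    """Verifier rejects any hash other than the one listed with the key."""
    return alg == key_alg and verify_unpinned(msg, sig, alg)

def demo() -> dict:
    original = b"grant read access to alice"  # constructed sample message
    sig = sign(original, "sha256")
    # With xorfold, a 32-byte input is its own digest, so the SHA-256 digest
    # of the signed message is a second "message" matching the same signature.
    substitute = hashlib.sha256(original).digest()
    return {
        "genuine_unpinned": verify_unpinned(original, sig, "sha256"),
        "substitute_unpinned": verify_unpinned(substitute, sig, "xorfold"),
        "genuine_pinned": verify_pinned(original, sig, "sha256"),
        "substitute_pinned": verify_pinned(substitute, sig, "xorfold"),
    }

if __name__ == "__main__":
    print(demo())
```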