
Re: public key algorithm naming




> In message <199803121849.KAA08196@s20.term1.sb.rain.org>, Hal Finney writes:
> >If you don't put the hash algorithm in the key, then if there were a
> >weak hash algorithm, people could forge signatures using that hash.
> >They could take an existing signature and create a structure which hashes
> >to the same value using the weak hash.
> 
> And how is that different from putting the hash algorithm name in the
> signature? Which is where it belongs anyway, since that's where the
> algorithm is used?
> -Angelos

IMO, the hash algorithm you use to sign is as important a part of "you"
as your key parameters are.  It serves to define you as much as anything, 
in the digital world, where everything comes from signatures.  Listing 
your hash algorithm beside your key parameters gives it this important 
meaning - since keys get signed as parts of certificates and are also 
listed in ACLs.  The way I see it, a signature from someone with your 
same key parameters but using a different hash function is not you.

Matt

-- 
Matt Fredette
fredette@bbnplanet.com, fredette@mit.edu, fredette@theory.lcs.mit.edu
http://mit.edu/fredette/www
"The first time the Rolling Stones played, three people came."
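The two placements debated in this thread, as an added example that is not code from either poster: one verifier trusts the hash name carried in the signature, the other requires it to match the hash listed with the key parameters. Assumptions: the toy textbook RSA key, the constructed weak hash `xor32`, the sample messages and every function name are hypothetical and built only for this illustration.

```python
import hashlib

# Toy textbook RSA from two Mersenne primes (constructed, no padding; never use for real keys).
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def xor32(data: bytes) -> bytes:
    """Constructed weak hash: XOR of the message's 32-byte blocks."""
    out = bytearray(32)
    for i, b in enumerate(data):
        out[i % 32] ^= b
    return bytes(out)

HASHES = {"sha256": lambda m: hashlib.sha256(m).digest(), "xor32": xor32}

def sign(msg, alg):
    return {"alg": alg, "s": pow(int.from_bytes(HASHES[alg](msg), "big"), D, N)}

def verify_sig_named(key, msg, sig):
    """Hash named only in the signature: the verifier believes whatever it says."""
    digest = int.from_bytes(HASHES[sig["alg"]](msg), "big")
    return pow(sig["s"], key["e"], key["n"]) == digest

def verify_key_bound(key, msg, sig):
    """Hash listed with the key parameters: any other algorithm is rejected."""
    return sig["alg"] == key["hash"] and verify_sig_named(key, msg, sig)

def retarget(sig, original, substitute):
    """Pad `substitute` so xor32 of it equals sha256(original); reuse the old signature value."""
    body = substitute + b" " * (-len(substitute) % 32)
    fix = bytes(a ^ b for a, b in zip(hashlib.sha256(original).digest(), xor32(body)))
    return body + fix, {"alg": "xor32", "s": sig["s"]}

# Constructed sample data: a key record that lists its hash, one genuine signature,
# and the same signature value relabelled with the weak hash over a different message.
KEY = {"n": N, "e": E, "hash": "sha256"}
ORIGINAL = b"pay Alice 10"
SIG = sign(ORIGINAL, "sha256")
FORGED_MSG, FORGED_SIG = retarget(SIG, ORIGINAL, b"pay Mallory 10000")

if __name__ == "__main__":
    print("signature-named hash accepts relabelled signature:",
          verify_sig_named(KEY, FORGED_MSG, FORGED_SIG))
    print("key-bound hash accepts relabelled signature:",
          verify_key_bound(KEY, FORGED_MSG, FORGED_SIG))
    print("key-bound hash accepts genuine signature:",
          verify_key_bound(KEY, ORIGINAL, SIG))
```

The signature-named check passes only because the verifier still implements the weak hash; a verifier that accepts a fixed set of strong algorithms closes the same gap.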
