Mark Delany wrote:
> On Wed, Feb 15, 2006 at 08:08:37PM +0000, Stephen Farrell allegedly wrote:
> > also valid. However, sha-1 has been *seriously* weakened: 2^63 is a
> > And regardless of whether hash-collision based attacks are actually
> > I'm not saying that the "MUST sha-256" argument is compelling, but
> Can we separate this discussion into another thread please?
> I was wanting to solely discuss mechanisms in this thread.
Fair enough, but the problem is that the suggested scheme seems to
be vulnerable if the less desirable hash algs are broken for collisions.
That's exactly the problem seen with current hash functions.
The signer might mark the rsa-md5 signature with "U=crap-alg" but the
attacker can happily generate a colliding message with no "U=" at all.
Is the scheme still worthwhile if that's the case? Or, have I
misinterpreted your scheme?