On Tue, 16 Sep 1997, Jon Callas wrote:
Is there any actual restrictions that DSS *must* use SHA1? It should be
able to use any hash that the user selects. It is my understanding that
the hash algorithim & the encryption algorithm should be independent of
each other (I could be wrong as I have not done an indepth study of that
section of code in 5.0).
There is kinda sorta a restriction that DSS must use SHA1. DSS is the
Digital Signature Standard, and part of that standard is the Secure Hash
Algorithm. If you're not using SHA1, then you're not following that
standard. So, as far as Layer Nine (the political layer) is concerned, you
have to, but the math is a different question. A signature system that uses
DSA with RIPEMD160 may be perfectly valid, but it's not DSS.
That's why I said "kinda sorta." It's certainly germane to this list to
discuss DSS variants, but they're not DSS.
But PGP 5.0 has a test in DSAPubKey.c such that if the hash algorithm is
not SHA1, then it doesn't even bother doing the math (around line 172 if I
remember - for those with source). It might be better to give a
"nonstandard algorithm" warning.