DSA signatures1999-03-24 11:30:45Did it ever occur to anyone that allowing different hash algorithms with DSA reduces security rather than increasing it? In DSA signatures, hash algorithm selector is secured only with the selected hash algorithm itself. So, if SHA-1 is insecure, you can forge signatures even if the key owner never uses SHA-1. If SHA-1 is secure, but any other permissible hash algorithm is insecure, you can also forge signatures. That would not be the case if OpenPGP had followed the DSS.
|
|