ietf-openpgp

Re: Agree with PRZs MDC suggestion

1999-05-22 03:20:50
Tom Zerucha <tzeruch(_at_)ceddec(_dot_)com> writes:

We also have a 24 bit CRC which must be implemented for the ASCII armor
and it is even faster.  If that is adequate (and faster), why not use it
instead of a cryptographic hash?

ASCII armor is SHOULD, SHA1 is MUST.  Many people would not feel
comfortable with CRC and there is a chance of an attack on a CRC used
as an MDC.

Why an extra checksum if we already have an MDC?

Because someone was suggesting that if anyone ever changed the algorithm
ID byte they could turn off the MDC.  That could be prevented by a

Ah well, I think it is easier to put a copy of the version byte and
the algorithm identifier into the encrypted text:

E(random_prefix[blocksize+2],version_byte,algo_byte,plaintext,mdc_packet)

And I might want to specify other algorithm IDs, e.g. the Palm Pilot has
MD5 (and DES) in the OS kernel, but not SHA1.  I would really prefer to
have my MDCs there as MD5, and use 3DES for a minimal Palm implementation.

Makes sense for me.  And I think it is better to use OpenPGP
data formats than to use something else or invent another one.

Is it okay to have SHOULD use SHA1-MDC and SHOULD give a warning if
another MDC is used? 

  Werner

-- 
Werner Koch at guug.de           www.gnupg.org           keyid 621CC013
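
The layout proposed in the message above, E(random_prefix[blocksize+2],version_byte,algo_byte,plaintext,mdc_packet), sketched as an added example that is not part of the original post or of any OpenPGP implementation. The encryption step is left out, so the functions handle the bytes that go into and come out of E(); the ID values, the function names, and the choice to hash everything preceding the MDC are assumptions.

```python
import hashlib
import hmac
import os

# Constructed IDs for this sketch only; not OpenPGP registry values.
VERSION = 1
MDC_HASHES = {1: hashlib.md5, 2: hashlib.sha1}


def build_inner(plaintext: bytes, algo: int, blocksize: int = 8) -> bytes:
    """Bytes handed to E(): prefix || version || algo || plaintext || mdc."""
    prefix = os.urandom(blocksize)
    prefix += prefix[-2:]  # blocksize+2 octets: OpenPGP repeats the last two
    body = prefix + bytes([VERSION, algo]) + plaintext
    # Assumption: the MDC hashes everything that precedes it.
    return body + MDC_HASHES[algo](body).digest()


def check_inner(inner: bytes, outer_algo: int, blocksize: int = 8) -> bytes:
    """Validate decrypted bytes against the cleartext algorithm ID byte."""
    off = blocksize + 2
    if len(inner) < off + 2:
        raise ValueError("truncated data")
    version, algo = inner[off], inner[off + 1]
    if version != VERSION or algo not in MDC_HASHES:
        raise ValueError("unknown version or MDC algorithm")
    if algo != outer_algo:
        # The cleartext ID byte disagrees with the encrypted copy: reject.
        raise ValueError("algorithm ID mismatch")
    dlen = MDC_HASHES[algo]().digest_size
    if len(inner) < off + 2 + dlen:
        raise ValueError("truncated data")
    body, mdc = inner[:-dlen], inner[-dlen:]
    if not hmac.compare_digest(MDC_HASHES[algo](body).digest(), mdc):
        raise ValueError("MDC mismatch")
    return body[off + 2:]


if __name__ == "__main__":
    inner = build_inner(b"constructed sample message", algo=2)
    print(check_inner(inner, outer_algo=2))
    flipped = inner[:-1] + bytes([inner[-1] ^ 1])
    for label, data, outer in (("outer ID changed", inner, 1),
                               ("data modified", flipped, 2)):
        try:
            check_inner(data, outer)
        except ValueError as exc:
            print(label, "->", exc)
```
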