On Thursday 17 February 2005 15:00, David Shaw wrote:
> I don't think it's all that easy to just add options to the
> fingerprint. Let's say you specified a fingerprint (which is
> currently just HASH) with ALGO:HASH. So, my current (SHA-1)
> fingerprint would be:
> 2:7D92FD313AB6F3734CC59CA1DB698D7199242560
> Simple enough, but my fingerprint would also be (MD5):
> 1:B9E4614F2E6FACD8F5DD32010AC50AAC
> and even (SHA-512):
> 10:00C2C9BBF4AC3AD6D45275C041E1EE88AA6B0564F227AD4FBE0F7BBE845B8B47342A941A88384A79CFC0858572DCDE326AC21625D7822B2102CA3857669C381B
> Allowing multiple representations of the fingerprint allows for all
> sorts of problems where an attacker can force a particular hash
> algorithm. There is even a warning about this attack (in the context
> of signatures) in the draft.
[cut]
> Rather than trying to jury-rig something together to allow using other
> hashes, I think I would rather just declare a V5 key format (which can
> be essentially the same as V4), which uses a different hash.
Why not do both?
If the hash ID used for the fingerprint is part of the key format and
consequently hashed together with the key then there shouldn't be much of
an attack vector left. The only one who can enforce a certain hash to be
used is the key owner; if anybody else tries, it ultimately changes the
fingerprint.
Konrad
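Added example, not part of the original message or of GnuPG: a Python sketch contrasting the ALGO:HASH label from the quoted text with a key format that carries the fingerprint hash ID inside the hashed data. The key body, the position of the hash ID octet and all function names are assumptions made for illustration.

```python
import hashlib
import struct

# Hash IDs as used in the quoted message: 1 = MD5, 2 = SHA-1, 10 = SHA-512.
HASHES = {1: "md5", 2: "sha1", 10: "sha512"}

# Constructed stand-in for a public-key packet body (not a real key).
KEY_BODY = b"\x04" + struct.pack(">I", 1108652400) + b"\x11constructed-key-material"

def digest(algo_id, body):
    # V4 fingerprints hash 0x99, a two-octet length, then the packet body.
    data = b"\x99" + struct.pack(">H", len(body)) + body
    return hashlib.new(HASHES[algo_id], data).hexdigest().upper()

def tagged_fingerprint(body, algo_id):
    """ALGO:HASH label: the algorithm sits outside the hashed data."""
    return f"{algo_id}:{digest(algo_id, body)}"

def verify_tagged(body, fingerprint):
    # The verifier uses whatever algorithm the presented string names,
    # so every supported hash yields a valid fingerprint for the same key.
    algo = fingerprint.partition(":")[0]
    return (algo.isdigit() and int(algo) in HASHES
            and tagged_fingerprint(body, int(algo)) == fingerprint)

def bind_hash_id(body, algo_id):
    """Hypothetical key format: the fingerprint hash ID is the first octet."""
    return bytes([algo_id]) + body

def bound_fingerprint(bound_key):
    # The algorithm is read from the key itself and is part of the hash input.
    return f"{bound_key[0]}:{digest(bound_key[0], bound_key)}"

def verify_bound(bound_key, fingerprint):
    # Exactly one fingerprint exists per key; other algorithm labels fail.
    return bound_fingerprint(bound_key) == fingerprint

if __name__ == "__main__":
    for algo_id in HASHES:
        print("tagged:", tagged_fingerprint(KEY_BODY, algo_id))
    key = bind_hash_id(KEY_BODY, 2)
    print("bound: ", bound_fingerprint(key))
    print("MD5 label accepted for bound key:",
          verify_bound(key, "1:" + digest(1, key)))
```

Under the tagged scheme all three strings verify against the same key, while the bound format rejects any label other than the one the key declares, and re-declaring the hash ID produces different key bytes and therefore a different fingerprint.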