Re: SHA-1 broken

2005-02-17 23:59:48
On Thursday 17 February 2005 15:00, David Shaw wrote:
> I don't think it's all that easy to just add options to the
> fingerprint.  Let's say you specified a fingerprint (which is
> currently just HASH) with ALGO:HASH.  So, my current (SHA-1)
> fingerprint would be:
>
>
> Simple enough, but my fingerprint would also be (MD5):
>
>
> and even (SHA-512):
>
>
> Allowing multiple representations of the fingerprint allows for all
> sorts of problems where an attacker can force a particular hash
> algorithm.  There is even a warning about this attack (in the context
> of signatures) in the draft.
>
> Rather than trying to jury-rig something together to allow using other
> hashes, I think I would rather just declare a V5 key format (which can
> be essentially the same as V4), which uses a different hash.

Why not do both?

If the hash ID used for the fingerprint is part of the key format and 
consequently hashed together with the key then there shouldn't be much of 
an attack vector left. The only one who can enforce a certain hash to be 
used is the key owner, if anybody else tries it ultimately changes the 


Attachment: pgpjev1spvRU3.pgp
Description: PGP signature
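An added illustration of the two designs argued over above (example code written for this page, not code from the thread, from GnuPG, or the OpenPGP wire format). It contrasts the quoted "ALGO:HASH" scheme, where the presenter of a fingerprint picks the hash, with the reply's proposal of carrying the hash ID inside the key packet so that it is covered by the fingerprint itself. The packet layout (version byte, then hash ID, then key body), the key bytes and the helper names are all assumptions made for the example; the hash ID values 1, 2 and 10 mirror the OpenPGP registry entries for MD5, SHA-1 and SHA-512.

```python
import hashlib

# Hash algorithm identifiers as in the OpenPGP hash-algorithm registry.
HASH_IDS = {1: "md5", 2: "sha1", 10: "sha512"}

# Constructed toy public-key body; NOT a real OpenPGP key packet.
KEY_BODY = bytes.fromhex("000102030405060708090a0b0c0d0e0f") * 4


def _digest(algo_id: int, data: bytes) -> str:
    # usedforsecurity=False lets the MD5 branch run even on FIPS-restricted builds.
    return hashlib.new(HASH_IDS[algo_id], data, usedforsecurity=False).hexdigest()


def loose_fingerprint(key_body: bytes, algo_id: int) -> str:
    """Quoted 'ALGO:HASH' scheme: the algorithm is chosen by whoever presents
    the fingerprint, so every algo_id yields a 'valid' fingerprint for one key."""
    return f"{algo_id}:{_digest(algo_id, key_body)}"


def bound_key_packet(key_body: bytes, fp_algo_id: int) -> bytes:
    """Hypothetical V5-style packet (layout assumed for this example):
    version byte, then the fingerprint hash ID, then the key body."""
    return bytes([5, fp_algo_id]) + key_body


def bound_fingerprint(packet: bytes) -> str:
    """Reply's proposal: the hash ID is read from the packet and the digest is
    computed over the whole packet, so the ID itself is covered by the hash."""
    fp_algo_id = packet[1]
    return f"{fp_algo_id}:{_digest(fp_algo_id, packet)}"


def check_bound_fingerprint(packet: bytes, claimed: str) -> bool:
    """A verifier recomputes from the packet; only the owner-bound
    representation matches, so a presenter cannot pick the algorithm."""
    return claimed == bound_fingerprint(packet)


def demo() -> dict:
    # Loose scheme: three distinct, equally 'valid' fingerprints for one key.
    loose = {a: loose_fingerprint(KEY_BODY, a) for a in HASH_IDS}

    # Bound scheme: the key owner chose SHA-1 (ID 2) when creating the key.
    owner_pkt = bound_key_packet(KEY_BODY, 2)
    owner_fp = bound_fingerprint(owner_pkt)

    # Someone presents an MD5 representation of the owner's packet: rejected,
    # because the packet says its fingerprint algorithm is 2, not 1.
    md5_claim = f"1:{_digest(1, owner_pkt)}"
    md5_accepted = check_bound_fingerprint(owner_pkt, md5_claim)

    # Forcing MD5 requires changing the ID byte, which yields a different
    # packet: a different key with a different fingerprint under every hash.
    forged_pkt = bound_key_packet(KEY_BODY, 1)
    forged_fp = bound_fingerprint(forged_pkt)
    same_key_under_sha1 = _digest(2, forged_pkt) == _digest(2, owner_pkt)

    return {
        "loose_count": len(set(loose.values())),
        "owner_fp_algo": owner_fp.split(":")[0],
        "md5_claim_accepted": md5_accepted,
        "forged_fp_algo": forged_fp.split(":")[0],
        "forged_is_owner_key": same_key_under_sha1,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The point the reply makes shows up in the last two dictionary entries: under the bound scheme the only party who can change which hash is used is the one who writes the packet, and doing so produces a different key rather than an alternative fingerprint for the same key.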