[Top] [All Lists]

Re: DSA hash algorithms

2005-02-25 13:07:16

* "Hal Finney" wrote:
(Although RIPEMD-160 has not been attacked, the earlier RIPEMD hash was
broken last year, and it seems plausible that the new attacks could work
against RIPEMD-160 as well.)

IBTD. By the same argument applies to the SHA-2 family. It is senseless.

I suggest that we do one of two things.  We could change the spec to
require SHA-1 with DSA keys, and then when NIST comes out with DSA-2
which uses SHA-2 (which they have been promising for years now), we will
then support the larger hashes.  Or we could change the spec to allow
any hash >= 160 bits to be used with DSA keys.  We could follow the NIST
recommendation in
and use just the left 160 bits of the larger hash.

Because every hash of 160bit will do, I'd propose to be as flexible as
possible. We can provide a general statement about hashes in all contexts:
 "If the digest is larger than expected, only the leftmost bits count."

I do not know if those truncated hashes provide the same level of security ...

<Prev in Thread] Current Thread [Next in Thread>