ietf-openpgp

Re: How to Calculate Signatures?

2005-04-03 10:48:30
On Sunday 03 April 2005 18:41, Ben Laurie wrote:
> Oh, yes. This left me with an unresolved issue: how does one use
> SHA{256,384,512} with DSA (which requires a 160 bit hash).

Simple: you don't. DSA was designed to be used with SHA-1, which is 160 bit. 
Since SHA-1 is theoretically broken (practically will probably follow in a 
few months) one should see what the NIST makes of it. Supplanting a broken 
hash with another hash doesn't make much sense with DSA, since it does not 
contain the ID of the hash (as PKCS#1 does for RSA) - so any attacker could 
find a collision with the broken hash and then simply change the hash ID 
in the signature packet.


        Konrad
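
The contrast drawn in the message above, as an added example that is not part of the original post: PKCS#1 v1.5 places a DigestInfo naming the hash inside the block RSA signs, while DSA signs the bare digest integer. The toy group (P, Q, G), the key X and all function names are assumptions made for illustration, and the group is far too small for real use.

```python
import hashlib

# DER DigestInfo prefixes that PKCS#1 v1.5 places in front of the digest.
DIGEST_INFO = {
    "sha1":      bytes.fromhex("3021300906052b0e03021a05000414"),
    "ripemd160": bytes.fromhex("3021300906052b2403020105000414"),
}

def emsa_pkcs1_v15(hash_name: str, digest: bytes, em_len: int = 128) -> bytes:
    """Block an RSA PKCS#1 v1.5 signer signs: 00 01 FF..FF 00 DigestInfo digest."""
    t = DIGEST_INFO[hash_name] + digest
    if em_len < len(t) + 11:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * (em_len - len(t) - 3) + b"\x00" + t

def dsa_signed_value(hash_name: str, digest: bytes) -> int:
    """Integer a DSA signer signs: the digest alone; hash_name is never used."""
    return int.from_bytes(digest, "big")

# Toy DSA group (assumption, illustration only): Q divides P-1, G has order Q.
P, Q, G = 607, 101, 64
X = 57                      # constructed private key
Y = pow(G, X, P)            # matching public key

def dsa_sign(z: int, k: int = 7):
    while True:             # retry with the next nonce if r or s is zero
        r = pow(G, k, P) % Q
        s = pow(k, -1, Q) * (z + X * r) % Q
        if r and s:
            return r, s
        k += 1

def dsa_verify(z: int, r: int, s: int) -> bool:
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    return pow(G, z * w % Q, P) * pow(Y, r * w % Q, P) % P % Q == r

def compare(message: bytes) -> dict:
    digest = hashlib.sha1(message).digest()   # 160 bits, as DSA expects
    sig = dsa_sign(dsa_signed_value("sha1", digest))
    return {
        # Same digest bytes under two hash labels: the RSA blocks differ.
        "rsa_blocks_equal": emsa_pkcs1_v15("sha1", digest)
                            == emsa_pkcs1_v15("ripemd160", digest),
        # The DSA signature verifies under either label.
        "dsa_ok_as_sha1": dsa_verify(dsa_signed_value("sha1", digest), *sig),
        "dsa_ok_as_ripemd160": dsa_verify(dsa_signed_value("ripemd160", digest), *sig),
    }
```

Any binding between a DSA signature and its hash algorithm therefore has to come from the data that is hashed or from verifier policy, not from the signature value itself.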
