On Sunday 03 April 2005 18:41, Ben Laurie wrote:
Oh, yes. This left me with an unresolved issue: how does one use
SHA{256,384,512} with DSA (which requires a 160 bit hash).
Simple: you don't. DSA was designed to be used with SHA-1, which is 160 bit.
Since SHA-1 is theoretically broken (practically will probably follow in a
few months) one should see what the NIST makes of it. Supplanting a broken
hash with another hash doesn't make much sense with DSA, since it does not
contain the ID of the hash (as PKCS#1 does for RSA) - so any attacker could
find a collission with the broken hash and then simply change the hash ID
in the signature packet.
Konrad
pgpO2F1HINF1l.pgp
Description: PGP signature