Re: A review of hash function brittleness in OpenPGP

ietf-openpgp

Re: A review of hash function brittleness in OpenPGP

2009-01-11 12:26:57


* Daniel Kahn Gillmor:

Also, it's quite likely that i've missed things in my reading of the
spec.  If anyone sees any other problematic areas, it would be great to
air them as soon as possible.


There's the issue of V3 keys.

If packet formats are changed once again, it could make sense to
incorporate random blobs near the start of the packets, so that an
attacker cannot predict the internal state of the hash function when a
signature is created.  OpenPGP does not need the convergent property
of hash functions.

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
A review of hash function brittleness in OpenPGP, Daniel Kahn Gillmor Re: A review of hash function brittleness in OpenPGP, tz Re: A review of hash function brittleness in OpenPGP, Daniel Kahn Gillmor Re: A review of hash function brittleness in OpenPGP, Daniel A. Nagy Re: A review of hash function brittleness in OpenPGP, Daniel A. Nagy Re: A review of hash function brittleness in OpenPGP, Jon Callas Re: A review of hash function brittleness in OpenPGP, Ben Laurie Re: A review of hash function brittleness in OpenPGP, Jon Callas Re: A review of hash function brittleness in OpenPGP, Ben Laurie Re: A review of hash function brittleness in OpenPGP, Florian Weimer <= Re: A review of hash function brittleness in OpenPGP, Peter Gutmann

Previous by Date:	Re: A review of hash function brittleness in OpenPGP, Jon Callas
Next by Date:	Re: A review of hash function brittleness in OpenPGP, Peter Gutmann
Previous by Thread:	Re: A review of hash function brittleness in OpenPGP, Ben Laurie
Next by Thread:	Re: A review of hash function brittleness in OpenPGP, Peter Gutmann
Indexes:	[Date] [Thread] [Top] [All Lists]