On Mon, 4 May 2009 17:32, dkg(_at_)fifthhorseman(_dot_)net said:
current fingerprint would be re-written as:
SHA1-0EE5BE979282D80B9F7540F1CCD2ED94D21739E9
Using a number (2) and, say, a dot as a prefix would be a better choice.
We use algorithnm numbers anyway and OpenPGP users are used tp spell a
large row of hex digits; we would only confuse them with an S and an H..
e) allow injection of arbitrary key material at the head of signatures
to allow signers to to avoid a chosen-prefix attack? This would make it
significantly more difficult to predict the hash that someone will sign,
and gives more bandwidth for a subliminal channel...
f) explicit introduction of new hashes/ciphers/asymmetric algorithms?
We should defer such a discussion until there are semi final results
from the SHA-3 contest.
I've probably missed something. What else should be addressed? What
steps are necessary to get the WG back in order again? Or is that not
Right, we should re-establish the WG to no rely on I-Ds by individuals.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Auschnahme regelt ein Bundeschgesetz.