RE: [Hash] Charter discussion, round 1

Russ Housley <housley@vigilsec.com> Thu, 16 June 2005 20:11 UTC

Message-Id: <6.2.1.2.2.20050616160909.0719a5b0@mail.binhost.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.1.2
Date: Thu, 16 Jun 2005 16:10:21 -0400
To: Robert Zuccherato <robert.zuccherato@entrust.com>
From: Russ Housley <housley@vigilsec.com>
Subject: RE: [Hash] Charter discussion, round 1
In-Reply-To: <7A3E1242FA9989439AD1F9B2D71C287F042741AD@sottmxs05.entrust.com>
References: <7A3E1242FA9989439AD1F9B2D71C287F042741AD@sottmxs05.entrust.com>
Cc: hash@ietf.org

Robert:

Thanks for letting me know about the built-in truncation.

See the proposed charter discussion for phase one below.

Russ

= = = = = = =

The first phase of the working group will specify one or more
standards-track mechanisms to replace or strengthen SHA-1.  Two classes
of signature algorithm need to be considered.  In support of RSA, there
is no advantage to reducing the size of a longer hash function output;
the RSA modulus size will easily accommodate large hash function output
values.  However, in support of DSA, the hash function output size
needs to match the subgroup size.

The first phase will consider at least two approaches to strengthening
one-way hash functions:

  1) Truncate a larger one-way hash function output so that it can be
     used as a secure replacement for a shorter one-way hash function
     output.  For example, as an alternative to SHA-1, the truncation
     mechanism could be used to create a 160-bit result from the output
     of the SHA-256 one-way hash function.

  2) Include a random value in the hash function computation.  The
     random block used is transferred as a parameter in the algorithm
     identifier.  This approach is sometimes called a "salted" or
     "randomized" hash function.

The first phase may also consider other potential solutions, and one or
more standards-track mechanisms will be selected.


At 03:59 PM 6/16/2005, Robert Zuccherato wrote:

I think we should remove ECDSA from the justification for a truncated hash.  I'm looking at the May 18, 2005 draft which I think will be going for X9F ballot.  It clearly states in the signature generation and verification sections that if the hash length is greater than log_2(n) (the subgroup size) then the leftmost log_2(n) bits of the hash function output should be used.  Thus, they already appear to have solved this problem. 

If a similar approach was taken with DSA (which would have to be changed anyway to use anything other than SHA-1) then much of the justification for the definition of a truncated hash function would disappear.

        Robert Zuccherato.

> -----Original Message-----
> From: hash-bounces@lists.ietf.org
> [ mailto:hash-bounces@lists.ietf.org] On Behalf Of Russ Housley
> Sent: June 16, 2005 10:31 AM
> To: Jim Schaad
> Cc: hash@ietf.org
> Subject: RE: [Hash] Charter discussion, round 1
> = = = = = =
>
> Here is the proposed rewording of the charter discussion of phase 1:
>
> The first phase of the working group will specify one or more
> standards-track mechanisms to replace or strengthen SHA-1.  Two
> classes of signature algorithm need to be considered.  In
> support of RSA, there is no advantage to reducing the size of
> a longer hash function output; the RSA modulus size will
> easily accommodate large hash function output values.
> However, in support of DSA and ECDSA, the hash function
> output size needs to match the subgroup size.
>
> The first phase will consider at least two approaches to
> strengthening one-way hash functions:
>
>    1) Truncate a larger one-way hash function output so that it can be
>       used as a secure replacement for a shorter one-way hash function
>       output.  For example, as an alternative to SHA-1, the truncation
>       mechanism could be used to create a 160-bit result from the output
>       of the SHA-256 one-way hash function.
>
>    2) Include a random value in the hash function computation.  The
>       random block used is transferred as a parameter in the algorithm
>       identifier.  This approach is sometimes called a "salted" or
>       "randomized" hash function.
>
> The first phase may also consider other potential solutions,
> and one or more standards-track mechanisms will be selected.
>
>
> _______________________________________________
> Hash mailing list
> Hash@lists.ietf.org
> https://www1.ietf.org/mailman/listinfo/hash
>
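Worked example, added here as an illustration; it is neither charter text nor code from anyone on the list.  It puts the two phase-one approaches side by side in Python and adds the leftmost-bits rule Robert describes for long digests.  The P-256 group order is a realistic 256-bit subgroup size chosen for the demonstration, the H(salt || M) construction is an illustrative choice (the charter fixes no construction), and bits2int and the other names are this example's own.

```python
# Added example (Python), not part of the charter text or of any list
# message: the two phase-one approaches side by side, plus the
# leftmost-bits rule for long digests that Robert describes for ECDSA.
import hashlib
import hmac
import os

# Order of the NIST P-256 group: a realistic 256-bit subgroup size for the
# bits2int() demonstration below (chosen for the example, not by the charter).
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551


def truncate_digest(digest: bytes, out_bits: int) -> bytes:
    """Approach 1: keep the leftmost out_bits of a longer digest.

    Byte-aligned lengths only; bits2int() below does the bit-exact version.
    """
    if out_bits <= 0 or out_bits % 8:
        raise ValueError("out_bits must be a positive multiple of 8")
    if out_bits > 8 * len(digest):
        raise ValueError("cannot truncate to more bits than the digest has")
    return digest[: out_bits // 8]


def sha256_truncated_160(message: bytes) -> bytes:
    """The charter's example: a 160-bit result derived from SHA-256, sized
    to drop into a slot (such as a 160-bit DSA subgroup) built for SHA-1."""
    return truncate_digest(hashlib.sha256(message).digest(), 160)


def bits2int(digest: bytes, n: int) -> int:
    """Convert a digest to an integer for DSA/ECDSA with subgroup order n.

    If the digest is longer than log2(n) bits, only the leftmost log2(n)
    bits are used (the rule Robert quotes from the X9 draft); a shorter
    digest is used whole.  Any reduction mod n belongs to the signing
    equation, not to this conversion.
    """
    qlen = n.bit_length()
    blen = 8 * len(digest)
    e = int.from_bytes(digest, "big")
    if blen > qlen:
        e >>= blen - qlen
    return e


def sha512_for_p256(message: bytes) -> int:
    """A 512-bit digest fed to a 256-bit group: only the leftmost 256 bits
    survive, so the result equals the first 32 digest bytes as an integer."""
    return bits2int(hashlib.sha512(message).digest(), P256_N)


def randomized_hash(message: bytes, salt: bytes = None):
    """Approach 2: fold a random value into the hash computation.

    The random value must reach the verifier (the charter carries it as a
    parameter of the algorithm identifier), so it is returned alongside the
    digest.  Prefixing it to the message, H(salt || M), is an illustrative
    choice made here; the charter does not fix a construction.
    """
    if salt is None:
        salt = os.urandom(32)
    return salt, hashlib.sha256(salt + message).digest()


def verify_randomized(message: bytes, salt: bytes, digest: bytes) -> bool:
    """Recompute with the transmitted salt and compare in constant time."""
    expected = hashlib.sha256(salt + message).digest()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    msg = b"abc"  # constructed sample input
    print("SHA-256 truncated to 160 bits:", sha256_truncated_160(msg).hex())
    print("SHA-512 digest as an integer for P-256:", hex(sha512_for_p256(msg)))
    salt, d = randomized_hash(msg)
    print("salt:", salt.hex())
    print("digest:", d.hex(), "verifies:", verify_randomized(msg, salt, d))
```

Two caveats worth keeping in mind when reading the output.  Truncating to 160 bits leaves the generic birthday bound for collisions at about 2^80, so approach 1 restores the design target SHA-1 was meant to meet rather than exceeding it.  Approach 2 only helps against collisions prepared in advance when the signer picks the random value unpredictably, after the message is fixed; a salt the attacker can choose or predict turns the computation back into a plain hash of a known input.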