Re: draft-ietf-dnsext-dnssec-gost

Basil Dolmatov <> Fri, 12 February 2010 12:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 4828B3A769C for <>; Fri, 12 Feb 2010 04:11:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.129
X-Spam-Status: No, score=-1.129 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HELO_EQ_RU=0.595, HOST_EQ_RU=0.875]
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id qvARg8gUFQeG for <>; Fri, 12 Feb 2010 04:11:19 -0800 (PST)
Received: from ( []) by (Postfix) with ESMTP id 1AE7B3A72C6 for <>; Fri, 12 Feb 2010 04:11:18 -0800 (PST)
Received: from [] ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTP id 9F9B746647; Fri, 12 Feb 2010 15:12:30 +0300 (MSK)
Message-ID: <>
Date: Fri, 12 Feb 2010 15:12:30 +0300
From: Basil Dolmatov <>
User-Agent: Thunderbird (X11/20090817)
MIME-Version: 1.0
To: Paul Hoffman <>
Subject: Re: draft-ietf-dnsext-dnssec-gost
References: <p06240806c799d87e7406@[]> <> <> <p06240804c79a234f3ad8@[]>
In-Reply-To: <p06240804c79a234f3ad8@[]>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Cc:, Olafur Gudmundsson <>,
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: IETF-Discussion <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 12 Feb 2010 12:11:20 -0000

Paul Hoffman пишет:

> For example, there is already a published attack on the GOST hash function that does not exist in SHA-256 and SHA-512. 

That "attack" lessens the complexity of building of the collision from 
2**128 operations to 2**109 operations (infinitesimal part of overall 
complexity) and demands padding the meaningful message with several 
kilobytes of additional binary data, which is impossible for any message 
with fixed format.
>The GOST algorithms have had much less cryptographic review than other algorithms. 
...have had much less _published_ cryptographic review... I would say. ;)

These algorithms were thoroughly and intensively reviewed by specialists 
  throughout the world during all years of their existence.

The fact that these algorithms are used without changes for 20, 15 and 
10 years respectively shows that these reviews were not successful.

> If that attack becomes practical, an attacker can create signatures using GOST that he/she could not create in RSA/SHA-256 or RSA/SHA-512.
That "attack" cannot become practical and you know that as well as 
everyone who works with cryptography.