IETF Logo Mail Archive

Re: How to Calculate Signatures?

Jon Callas <jon@callas.org> Mon, 04 April 2005 14:29 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id KAA12805 for <openpgp-archive@lists.ietf.org>; Mon, 4 Apr 2005 10:29:31 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j34E9RVk030785; Mon, 4 Apr 2005 07:09:27 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j34E9RHb030784; Mon, 4 Apr 2005 07:09:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from merrymeet.com (merrymeet.com [63.73.97.162]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j34E9QZU030775 for <ietf-openpgp@imc.org>; Mon, 4 Apr 2005 07:09:26 -0700 (PDT) (envelope-from jon@callas.org)
Received: from keys.merrymeet.com (63.73.97.166) by merrymeet.com with ESMTP (Eudora Internet Mail Server X 3.2.6); Mon, 4 Apr 2005 06:42:54 -0700
Received: from [172.16.1.2] ([12.111.6.59]) by keys.merrymeet.com (PGP Universal service); Mon, 04 Apr 2005 06:42:54 -0700
X-PGP-Universal: processed; by keys.merrymeet.com on Mon, 04 Apr 2005 06:42:54 -0700
In-Reply-To: <20050403193929.0812057EBA@finney.org>
References: <20050403193929.0812057EBA@finney.org>
Mime-Version: 1.0 (Apple Message framework v619.2)
Content-Type: text/plain; charset="US-ASCII"; delsp="yes"; format="flowed"
Message-Id: <effed478a4d7372c4ae45acd2b8a13cd@callas.org>
Content-Transfer-Encoding: 7bit
Cc: ietf-openpgp@imc.org
From: Jon Callas <jon@callas.org>
Subject: Re: How to Calculate Signatures?
Date: Mon, 04 Apr 2005 06:44:21 -0700
To: hal@finney.org
X-Mailer: Apple Mail (2.619.2)
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

On 3 Apr 2005, at 12:39 PM, Hal Finney wrote:

> For all of these reasons, I am tempted to allow the SHA-2 family with
> current DSA keys, as an interim measure pending the move to DSS-2.
>
> FIPS 180, which defines the SHA family, had a change notice to add  
> SHA-224,
> a truncated form of SHA-256.  This document,
> <http://csrc.nist.gov/publications/fips/fips180-2/fips180 
> -2withchangenotice.pdf>,
> describes truncation of hash algorithms on page 73:
>
> "Some applications may require a hash function with an output size  
> (i.e.,
> message digest size) different than those provided by the hash  
> functions
> in this Standard. In such cases, a truncated hash output may be used,
> whereby a hash function with a larger output size is applied to the
> data to be hashed, and the resulting output (i.e., message digest) is
> truncated by selecting an appropriate number of the leftmost bits. For
> example, if an output of 96 bits is desired, the SHA256 hash function
> could be used (e.g., because it is available to the application), and
> the leftmost 96 bits of the output are selected as the message digest,
> discarding the rightmost 160 bits of the SHA-256 output."
>

This is the reason that Beta 1 of PGP 9.0 allowed SHA-256, and did  
precisely that. However, we decided that that was pushing things, and  
it's not going to be in Beta 2.

	Jon

v2.23.0 | Report a Bug | By Email