Re: How to Calculate Signatures?

hal@finney.org ("Hal Finney") Sun, 03 April 2005 19:50 UTC

To: ietf-openpgp@imc.org
Subject: Re: How to Calculate Signatures?
Message-Id: <20050403194540.2563D57EBA@finney.org>
Date: Sun, 03 Apr 2005 12:45:40 -0700
From: hal@finney.org
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>

Ben Laurie writes:
> The hash does include the ID of the hash, and hence the signature does.

Unfortunately, that doesn't protect against the attack.  The ID of SHA-1
is 2 and the ID of RIPEMD-160 is 3.  If SHA-1 were broken badly enough
it's entirely possible that we could find m1 and m2 such that:

SHA1 (2 || m1) == RIPEMD160 (3 || m2).

The mere fact that you feed the hash algorithm ID into the hash algorithm
doesn't stop you from finding collisions with a different, broken hash
algorithm.

The situation is different with RSA, where you do:

RSA_Sign (Alg ID || Hash).

Now, it is impossible to get collisions using two different algorithm IDs
because the algorithm ID is outside the hash.

Hal
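The two constructions Hal contrasts, as an added example that is not part of his message or of any OpenPGP implementation: the bytes an OpenPGP v4 signature hashes (hash algorithm octet inside the hashed portion, then the 0x04 0xFF trailer, per RFC 4880 5.2.4), the bare digest a DSA signature commits to, and the PKCS#1 v1.5 DigestInfo (OID outside the hash) an RSA signature commits to. The signature type (0x00), public-key algorithm (1, RSA) and empty subpacket area are assumptions chosen to keep the layout short; the message and digest are constructed sample data. A real cross-algorithm collision is not computable here, so the check simply asks whether a single colliding 20-byte digest would yield one identical sign input under both IDs.

```python
"""Added example (not Hal Finney's code): where the hash algorithm ID sits in
an OpenPGP v4 signature versus an RSA PKCS#1 v1.5 signature, and why only the
latter binds the ID outside the hash.

Assumptions (mine, not the message's): signature type 0x00 (binary document),
public-key algorithm 1 (RSA) in the hashed portion, no hashed subpackets.
"""
import hashlib
import struct

# OpenPGP hash algorithm IDs named in the message (RFC 4880 section 9.4).
SHA1, RIPEMD160 = 2, 3

# PKCS#1 v1.5 DigestInfo prefixes (DER AlgorithmIdentifier + OCTET STRING
# header) for 20-byte digests; only the OID differs between the two.
DIGESTINFO_PREFIX = {
    SHA1: bytes.fromhex("3021300906052b0e03021a05000414"),
    RIPEMD160: bytes.fromhex("3021300906052b2403020105000414"),
}
# hashlib names; 'ripemd160' may be missing on OpenSSL 3 without the legacy provider.
HASHLIB_NAME = {SHA1: "sha1", RIPEMD160: "ripemd160"}


def v4_hash_input(msg: bytes, hash_alg: int, hashed_subpackets: bytes = b"") -> bytes:
    """Return the exact bytes hashed for an OpenPGP v4 signature over msg.

    Layout per RFC 4880 5.2.4: document || hashed signature portion
    (version, sig type, pubkey alg, HASH ALG, 2-byte subpacket length,
    subpackets) || trailer 0x04 0xFF || 4-byte length of that portion.
    The hash algorithm ID is INSIDE the data being hashed.
    """
    hashed_portion = (
        bytes([0x04, 0x00, 0x01, hash_alg])
        + struct.pack(">H", len(hashed_subpackets))
        + hashed_subpackets
    )
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed_portion))
    return msg + hashed_portion + trailer


def v4_digest(msg: bytes, hash_alg: int) -> bytes:
    """Hash the v4 signature input with the algorithm named by hash_alg."""
    return hashlib.new(HASHLIB_NAME[hash_alg], v4_hash_input(msg, hash_alg)).digest()


def dsa_sign_input(hash_alg: int, digest: bytes) -> bytes:
    """What an OpenPGP DSA signature actually commits to: the bare digest.

    hash_alg is accepted only to show it is NOT used here; the signer sees
    20 bytes carrying no record of which algorithm produced them.
    """
    return digest


def rsa_pkcs1_sign_input(hash_alg: int, digest: bytes) -> bytes:
    """What an OpenPGP RSA (EMSA-PKCS1-v1_5) signature commits to:
    DigestInfo = AlgorithmIdentifier(OID) || digest. The ID is OUTSIDE the
    hash, so no collision inside the hash can change it."""
    return DIGESTINFO_PREFIX[hash_alg] + digest


def cross_alg_collision_is_fatal(scheme, digest: bytes) -> bool:
    """Suppose an attacker found m1, m2 with SHA1(2 || m1) == RIPEMD160(3 || m2)
    == digest, the hypothetical in the message. Return True if one signature
    would then verify under both algorithms, i.e. the scheme's sign input is
    byte-for-byte identical for the two IDs."""
    return scheme(SHA1, digest) == scheme(RIPEMD160, digest)


if __name__ == "__main__":
    # Constructed sample data: a message, and its SHA-1 digest standing in
    # for the colliding value an attacker would need.
    msg = b"I owe Hal 100 dollars.\n"
    d = v4_digest(msg, SHA1)
    print("v4 hash input tail (ID byte, count, trailer):",
          v4_hash_input(msg, SHA1)[-12:].hex())
    print("DSA-style bare digest, collision fatal?",
          cross_alg_collision_is_fatal(dsa_sign_input, d))
    print("RSA PKCS#1 v1.5 DigestInfo, collision fatal?",
          cross_alg_collision_is_fatal(rsa_pkcs1_sign_input, d))
```

Run it and the two final lines read `True` and `False`: with the ID only inside the hashed data, a cross-algorithm collision hands the DSA signer identical bytes for both IDs, while the RSA DigestInfo prefixes differ in their OID regardless of what the digests are. This is the property later OpenPGP discussion refers to as the RSA "hash firewall".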