Re: Suggested changes for DSA2, take 4
Ben Laurie <ben@algroup.co.uk> Wed, 29 March 2006 17:53 UTC
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org) by megatron.ietf.org with esmtp (Exim 4.43) id 1FOerN-0001vn-Bz for openpgp-archive@lists.ietf.org; Wed, 29 Mar 2006 12:53:33 -0500
Received: from balder-227.proper.com ([192.245.12.227]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1FOerM-00006n-0B for openpgp-archive@lists.ietf.org; Wed, 29 Mar 2006 12:53:33 -0500
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2THUqe3056089; Wed, 29 Mar 2006 10:30:52 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.13.5/8.13.5/Submit) id k2THUqLB056088; Wed, 29 Mar 2006 10:30:52 -0700 (MST) (envelope-from owner-ietf-openpgp@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by balder-227.proper.com (8.13.5/8.13.5) with ESMTP id k2THUpDU056082 for <ietf-openpgp@imc.org>; Wed, 29 Mar 2006 10:30:52 -0700 (MST) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id D6F0633C44 for <ietf-openpgp@imc.org>; Wed, 29 Mar 2006 18:30:50 +0100 (BST)
Message-ID: <442AC3D9.9000905@algroup.co.uk>
Date: Wed, 29 Mar 2006 18:28:57 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Thunderbird 1.5 (Windows/20051201)
MIME-Version: 1.0
To: ietf-openpgp@imc.org
Subject: Re: Suggested changes for DSA2, take 4
References: <20060329163756.GB1001@jabberwocky.com>
In-Reply-To: <20060329163756.GB1001@jabberwocky.com>
X-Enigmail-Version: 0.93.0.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
X-Spam-Score: 0.0 (/)
X-Scan-Signature: cab78e1e39c4b328567edb48482b6a69
David Shaw wrote: > Here is round four. Only little fiddle changes at this point. > > ================================== > > Section 5.2.2 (Version 3 Signature Packet Format) says: > > DSA signatures MUST use hashes with a size of 160 bits, to match q, > the size of the group generated by the DSA key's generator value. > The hash function result is treated as a 160 bit number and used > directly in the DSA signature algorithm. > > change to: > > DSA signatures MUST use hashes that are equal in size to the > number of bits of q, the group generated by the DSA key's > generator value. If the output size of the chosen hash is larger > than the number of bits of q, the hash result is truncated to fit > by taking the number of leftmost bits equal to the number of bits > of q. This (possibly truncated) hash function result is treated > as a number and used directly in the DSA signature algorithm. > > No change. Slightly late to the party here, but I should note that hash truncation is not an operation that is thoroughly approved of. In particular I would worry that if it is permitted a cunning attacker might be able to choose a new q s.t. the signature still validated on a much shorter version of the hash, and thus show a valid signature on the wrong document. I would therefore suggest that we do _not_ permit arbitrary truncation of hashes. Secondly, q is not a group, it is a prime. Cheers, Ben. -- http://www.apache-ssl.org/ben.html http://www.links.org/ "There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
- Suggested changes for DSA2, take 4 David Shaw
- Re: Suggested changes for DSA2, take 4 Ben Laurie
- Re: Suggested changes for DSA2, take 4 "Hal Finney"
- Re: Suggested changes for DSA2, take 4 Ben Laurie
- Re: Suggested changes for DSA2, take 4 Jon Callas