IETF Logo Mail Archive

Re: How to Calculate Signatures?

Ben Laurie <ben@algroup.co.uk> Sun, 03 April 2005 19:04 UTC

Received: from above.proper.com (above.proper.com [208.184.76.39]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id PAA18846 for <openpgp-archive@lists.ietf.org>; Sun, 3 Apr 2005 15:04:50 -0400 (EDT)
Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j33IsuwK052014; Sun, 3 Apr 2005 11:54:56 -0700 (PDT) (envelope-from owner-ietf-openpgp@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j33IsuCb052013; Sun, 3 Apr 2005 11:54:56 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-openpgp@mail.imc.org using -f
Received: from mail.links.org (mail.links.org [217.155.92.109]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j33IstXm052006 for <ietf-openpgp@imc.org>; Sun, 3 Apr 2005 11:54:55 -0700 (PDT) (envelope-from ben@algroup.co.uk)
Received: from [193.133.15.218] (localhost [127.0.0.1]) by mail.links.org (Postfix) with ESMTP id D99EA33C33; Sun, 3 Apr 2005 19:54:54 +0100 (BST)
Message-ID: <42503B87.4090509@algroup.co.uk>
Date: Sun, 03 Apr 2005 19:52:55 +0100
From: Ben Laurie <ben@algroup.co.uk>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: Ian G <iang@systemics.com>
Cc: ietf-openpgp@imc.org
Subject: Re: How to Calculate Signatures?
References: <20050402201614.31E9157EE9@finney.org> <425005AE.5030105@algroup.co.uk> <42501CD7.4070005@algroup.co.uk> <200504031948.22079@zaphod.konrad.silmor.de> <4250389F.4050301@systemics.com>
In-Reply-To: <4250389F.4050301@systemics.com>
X-Enigmail-Version: 0.89.6.0
X-Enigmail-Supports: pgp-inline, pgp-mime
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-openpgp@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-Unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
List-ID: <ietf-openpgp.imc.org>
Content-Transfer-Encoding: 7bit

Ian G wrote:
> 
> Konrad Rosenbaum wrote:
> 
>> On Sunday 03 April 2005 18:41, Ben Laurie wrote:
>>
>>> Oh, yes. This left me with an unresolved issue: how does one use
>>> SHA{256,384,512} with DSA (which requires a 160 bit hash).
>>
>>
>>
>> Simple: you don't. DSA was designed to be used with SHA-1, which is 
>> 160 bit. Since SHA-1 is theoretically broken (practically will 
>> probably follow in a few months) one should see what the NIST makes of 
>> it. Supplanting a broken hash with another hash doesn't make much 
>> sense with DSA, since it does not contain the ID of the hash (as 
>> PKCS#1 does for RSA) - so any attacker could find a collission with 
>> the broken hash and then simply change the hash ID in the signature 
>> packet.
> 
> 
> 
> I would agree with that.  There was some discussion
> on the user's list about an attempt at producing a
> code path to use SHA256... which seemed to confuse
> the issue.
> 
> Would it be a good idea to put in a statement
> explicitly limiting OpenPGP's view of DSS to be
> SHA1 only?  And add a comment perhaps that in the
> light of weaknesses in SHA1, that RSA with a fatter
> digest be used instead as a workaround?

The cost of that is that anyone with a DSA key is screwed. Seems like a 
last resort to me.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

v2.23.0 | Report a Bug | By Email