Re: Digital Signature Lifetime

From: Stephan Neuhaus (neuhaus_at_cs.uni-sb.de)
Date: 07/25/03


Date: Fri, 25 Jul 2003 12:55:35 +0200

Christian wrote:
> "Bjorn Randell" <Bjorn@AlphaMale.me.uk> wrote in message news:<bfjpn8$fm7q6$1@ID-192011.news.uni-berlin.de>...
>
>>"Christian" <christian@it-oeckinghaus.de> wrote in message
>>news:12b6f66f.0307210047.3c8e6c2d@posting.google.com...
>>
>>>Hi ng,
>>>
>>>we're digitally signing documents sending them to customers and
>>>storing them in a DB. The documents' lifetime is several years ( can
>>>be 10 and more ).
>>>
>>>We're using SHA1/RSA with key strength of 2048.
>>>Even though this key strength is regarded safe today, it won't be safe
>>>in some years.
>>
>>I'm pretty sure SHA1 at that key length will be safe enough for a lot more
>>than 10 years. What research have you got to say that it might not be so
>>safe? Drop some links, I would be interested.
>
>
> By the way, I'd be pretty much interested in resources about the
> estimated lifetime ( i.e. how long it is considered safe ) of digital
> signatures.

(I'm quoting the entire article here because my answer might be relevant
to all posters.)

This is not entirely what you wanted, but if you can read German (and at
least one of you probably can :-) ), there is an article by Ralf
Schneider, "Erhalt der Beweiskraft elektronischer Signaturen durch
Neusignatur", published in D.A.CH Security, syssec, 2003, ISBN
3-00-010941-2, that has information on what you want to know. It covers
the consequences of the German digital signature act, which makes
digital signatures legally equal to handwritten ones (under certain
conditions).

It doesn't have predictions on the security of RSA or SHA1 per se, but
rather asks how digital signatures can be saved even if the mechanisms
that were used to produce them become gradually unsafe. (A far more
important question from a practical standpoint, IMHO.)

HTH, HAND,

Stephan


