Re: Re-secured Algorithm?

From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 08/19/05


Date: Thu, 18 Aug 2005 22:37:47 +0000 (UTC)

Harlan Lieberman-Berg wrote:
>Hey guys. Due to the recent compromise designed against sha1, and DSA
>requires SHA1 to be completely secure, [...]

DSA doesn't require SHA1. Ok, the standard might claim that you have
to use SHA1, but the algorithm can (as far as I know) be used perfectly
fine with any other hash algorithm (e.g., SHA-2), as long as you adjust
the parameter sizes correspondingly.

Second, if the signer includes an unpredictable nonce in the message before
hashing, then I think DSA is not endangered by the collision attacks on
SHA1 (as far as I know).

Third, the work factor for the best collision attack on SHA1 currently
known seems to require 2^63 work and a chosen-message attack. That's
certainly not good, but you may not have to panic just yet.
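The two points above (DSA with a different hash, and an unpredictable nonce prepended to the message before hashing) in working code, as an added example that is not part of the original post and not David Wagner's code. It is a minimal pure-Python DSA with a pluggable hashlib hash; the hash output is truncated to the bit length of q when it is longer (the "adjust the parameter sizes" point), and each signature carries a fresh random prefix r so that a collision pair computed in advance cannot be reused against the signer. The parameter sizes, the seed used for the public domain parameters, and the sample messages are constructed for this example; the 1024-bit p is a toy size chosen for speed.

```python
"""DSA with a pluggable hash and a per-signature random prefix.
Added example, not code from the original thread. Toy parameter sizes."""
import hashlib
import random
import secrets

NONCE_LEN = 32  # bytes of unpredictable prefix mixed into each hash


def is_probable_prime(n, rounds=32, rng=random):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_params(L=1024, N=256, seed=2005):
    """Return public domain parameters (p, q, g) with q | p-1.
    L=1024 is a toy size for speed (assumption of this example; real use
    wants L >= 2048). Seeded RNG only so the demo is reproducible; the
    parameters are public, so this does not weaken anything here."""
    rng = random.Random(seed)
    while True:  # N-bit prime q
        q = rng.getrandbits(N) | (1 << (N - 1)) | 1
        if is_probable_prime(q, rng=rng):
            break
    while True:  # L-bit prime p = k*q + 1, k even so p is odd
        k = (rng.getrandbits(L - N) | (1 << (L - N - 1))) & ~1
        p = k * q + 1
        if p.bit_length() != L or not is_probable_prime(p, rng=rng):
            continue
        for h in range(2, 100):  # generator of the order-q subgroup
            g = pow(h, (p - 1) // q, p)
            if g != 1:
                return p, q, g


def hash_to_int(hash_name, data, q):
    """z = leftmost min(N, outlen) bits of Hash(data), N = bitlen(q).
    This is what lets a hash longer than q (e.g. SHA-512) be used."""
    digest = hashlib.new(hash_name, data).digest()
    z = int.from_bytes(digest, "big")
    excess = len(digest) * 8 - q.bit_length()
    return z >> excess if excess > 0 else z


def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1  # private key
    return x, pow(g, x, p)            # (x, y)


def sign(params, x, message, hash_name="sha256"):
    """Sign H(r || message) where r is a fresh unpredictable prefix.
    Returns (r, R, S); r must travel with the signature."""
    p, q, g = params
    r = secrets.token_bytes(NONCE_LEN)
    z = hash_to_int(hash_name, r + message, q)
    while True:
        k = secrets.randbelow(q - 1) + 1  # per-signature secret, never reused
        R = pow(g, k, p) % q
        if R == 0:
            continue
        S = (pow(k, -1, q) * (z + x * R)) % q
        if S != 0:
            return r, R, S


def verify(params, y, message, signature, hash_name="sha256"):
    p, q, g = params
    r, R, S = signature
    if not (0 < R < q and 0 < S < q):
        return False
    z = hash_to_int(hash_name, r + message, q)
    w = pow(S, -1, q)
    v = (pow(g, (z * w) % q, p) * pow(y, (R * w) % q, p) % p) % q
    return v == R


if __name__ == "__main__":
    params = generate_params()
    x, y = keygen(params)
    msg = b"constructed sample message"
    sig = sign(params, x, msg, "sha512")
    print("valid:", verify(params, y, msg, sig, "sha512"))
```

Because the prefix r is chosen by the signer at signing time, an attacker who holds a colliding pair (m1, m2) under the bare hash gets nothing: the values actually signed are H(r || m1), and r was unknown when the pair was built. The signature is only valid together with the exact r that was used, which the checks in the usage block exercise.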
