Re: Re-secured Algorithm?
From: David Wagner (daw_at_taverner.cs.berkeley.edu)
Date: 08/19/05
Date: Thu, 18 Aug 2005 22:37:47 +0000 (UTC)

Harlan Lieberman-Berg wrote:
>Hey guys. Due to the recent compromise designed against sha1, and DSA
>requires SHA1 to be completely secure, [...]

DSA doesn't require SHA1. Ok, the standard might claim that you have
to use SHA1, but the algorithm can (as far as I know) be used perfectly
fine with any other hash algorithm (e.g., SHA-2), as long as you adjust
the parameter sizes correspondingly.

Second, if the signer includes an unpredictable nonce in the message before
hashing, then I think DSA is not endangered by the collision attacks on
SHA1 (as far as I know).

Third, the workfactor for the best collision attack on SHA1 currently
known seems to require 2^63 work and a chosen-message attack. That's
certainly not good, but you may not have to panic just yet.
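
Added example, not part of the original post and not code from its author: textbook DSA run with a hash other than SHA-1 and a q sized to the digest, with a fresh random nonce prepended to the message before hashing and carried in the signature. The function names (`demo_params`, `digest_int`, `keygen`, `sign`, `verify`) and the 1024/256-bit demo sizes are assumptions made for this illustration, and the parameter search is a shortcut rather than FIPS 186 generation.

```python
import hashlib, secrets

def is_prime(n, rounds=24):                      # Miller-Rabin probabilistic test
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x not in (1, n - 1) and all(pow(x, 2 ** i, n) != n - 1 for i in range(1, s)):
            return False
    return True

def demo_params(qbits=256, pbits=1024):          # demo-only search; q matches the hash size
    q = next(n for n in range(2 ** (qbits - 1) + 1, 2 ** qbits, 2) if is_prime(n))
    k0 = 2 ** (pbits - 1) // q // 2 * 2 + 2      # even cofactor, so p = k*q + 1 is odd
    k = next(k for k in range(k0, 2 * k0, 2) if is_prime(k * q + 1))
    p = k * q + 1
    g = next(v for v in (pow(h, k, p) for h in range(2, p)) if v != 1)  # element of order q
    return p, q, g

def digest_int(nonce, msg, q, hash_name):        # leftmost bit_length(q) bits of H(nonce || msg)
    h = hashlib.new(hash_name, nonce + msg).digest()
    return int.from_bytes(h, "big") >> max(0, 8 * len(h) - q.bit_length())

def keygen(params):
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1             # private key in [1, q-1]
    return x, pow(g, x, p)

def sign(msg, x, params, hash_name="sha256"):
    p, q, g = params
    nonce = secrets.token_bytes(32)              # unpredictable, fresh for every signature
    z = digest_int(nonce, msg, q, hash_name)
    while True:
        k = secrets.randbelow(q - 1) + 1         # per-signature secret, never reused
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:
            return nonce, r, s                   # the nonce is part of the signature

def verify(msg, sig, y, params, hash_name="sha256"):
    p, q, g = params
    nonce, r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w, z = pow(s, -1, q), digest_int(nonce, msg, q, hash_name)
    return pow(g, z * w % q, p) * pow(y, r * w % q, p) % p % q == r
```

Because the signer picks the nonce after the message is fixed, the value that gets hashed is not fully chosen by whoever supplied the message; the verifier simply recomputes the hash over the nonce and message it received.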