Re: RSASSA-PSS using a wounded hash function



"Noob" <root@xxxxxxxxx> wrote in message news:h6jpuf$tne$1@xxxxxxxxxxx
I'm using LTC to add RSASSA-PSS to a slow (130 MHz) STB.

I was considering using a "weak" hash function, in order to slow the boot as
little as possible.

I strongly suggest reconsidering that; cryptographic wounds are not flesh wounds. Best case, the wound festers and slowly poisons.

What breaks if I use MD5?

Everything.

Is SHA-1 considered collision-resistant?
Is it still OK to use SHA-1?

SHA-1 should be considered marginal. It is not critical to rip it out of current products, but it is a bad idea to use it for anything new. Since your target is likely designed to remain in market for longer than 6 months, I suggest you consider your alternatives. It would also be very helpful for you to consult with a cryptanalyst on the design in depth; there are many little mistakes that we've all seen that can be very hard to understand.
Joe
