phasing out SHA1 for digest creation

Rainer Perske rainer.perske at uni-muenster.de
Fri Dec 6 10:56:06 CET 2024


Hello

Jacob Bachmeyer wrote on 2024-12-06:

> Better solution:  never sign a document exactly as presented to you; always make a small change first. This could be as simple as including a nonce in the signature.  

Correct – if the change or nonce is big and random enough (at least about 80 bits of randomness to compensate for the 80 bits of security lost to the birthday attack, even if that is not a real compensation for multiple reasons), i.e., make many small or a few big changes to the content. But the normal user does not know this.

> This is from Schneier's /Applied Cryptography/ from many years ago:  this problem (and its solution) is old.

Absolutely correct. It is a great book.

But most people do not even see the problem.

Best regards
-- 
Rainer Perske
System Services + Head of the Certification Authority (UCAM)
-- 
Universität Münster
CIT - Center for Information Technology
Rainer Perske, System Services
Röntgenstraße 7-13, Room 006
48149 Münster
Tel.: +49 251 83-31582
E-Mail: rainer.perske at uni-muenster.de
Website: www.uni-muenster.de/IT

Universitätszertifizierungsstelle Münster (UCAM):
Tel.: +49 251 83-31590
E-Mail: ca at uni-muenster.de
WWW: www.uni-muenster.de/CA

YouTube: youtube.com/@uni_muenster
Instagram: instagram.com/uni_muenster
LinkedIn: linkedin.com/school/university-of-muenster
Facebook: facebook.com/unimuenster
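The point made above (a signer should never sign a document exactly as presented, but mix in its own randomness first) can be shown with a small model. The following is an added example and is not code from this thread or from GnuPG. To make a collision reachable offline, it deliberately truncates SHA-1 to 20 bits as a stand-in for a broken digest; the message texts, the 128-bit nonce length and the length-prefixed encoding `len(nonce) || nonce || document` are assumptions of this example, not anything the thread specifies.

```python
import hashlib
import hmac
import secrets

# Toy parameter: SHA-1 cut down to 20 bits so a birthday collision is cheap.
# This models a digest whose collision resistance is gone; it is NOT a
# recommendation of any real digest size.
TOY_BITS = 20


def toy_digest(data: bytes) -> int:
    """SHA-1 truncated to TOY_BITS bits (constructed weak hash for illustration)."""
    return int.from_bytes(hashlib.sha1(data).digest(), "big") >> (160 - TOY_BITS)


def find_toy_collision(limit: int = 1 << 16):
    """Birthday search over constructed messages; returns two distinct inputs
    with the same toy digest, or None if none is found within `limit` tries.
    With 20 bits, a collision is expected after roughly 1300 tries."""
    seen = {}
    for i in range(limit):
        msg = b"contract draft #%d" % i  # constructed sample content
        d = toy_digest(msg)
        if d in seen and seen[d] != msg:
            return seen[d], msg
        seen[d] = msg
    return None


def randomized_digest(document: bytes, nonce: bytes) -> bytes:
    """Full SHA-1 over a length-prefixed nonce followed by the document.
    The length prefix keeps the boundary between nonce and document
    unambiguous (encoding is an assumption of this example)."""
    if not 1 <= len(nonce) <= 255:
        raise ValueError("nonce length must fit in one prefix byte")
    return hashlib.sha1(bytes([len(nonce)]) + nonce + document).digest()


def sign_with_nonce(document: bytes):
    """Signer-side step: choose a fresh 128-bit nonce AFTER the document has
    been fixed by the other party, and hash nonce || document. The nonce must
    travel with the signature so a verifier can recompute the digest."""
    nonce = secrets.token_bytes(16)
    return nonce, randomized_digest(document, nonce)


def verify(document: bytes, nonce: bytes, digest: bytes) -> bool:
    """Verifier-side step: recompute with the transmitted nonce."""
    return hmac.compare_digest(randomized_digest(document, nonce), digest)


def demo() -> dict:
    """Runs the whole scenario and returns the observed facts."""
    pair = find_toy_collision()
    if pair is None:
        return {"collision_found": False}
    doc_a, doc_b = pair
    nonce, digest = sign_with_nonce(doc_a)
    return {
        "collision_found": True,
        # The prepared pair collides under the weak digest: a signature over
        # toy_digest(doc_a) would equally cover doc_b.
        "toy_digests_equal": toy_digest(doc_a) == toy_digest(doc_b),
        # After the signer's nonce is mixed in, the pair no longer collides,
        # so the signature over doc_a says nothing about doc_b.
        "doc_a_verifies": verify(doc_a, nonce, digest),
        "doc_b_verifies": verify(doc_b, nonce, digest),
    }


if __name__ == "__main__":
    print(demo())
```

What this shows is the ordering that matters: the attacker must commit to both documents before the signer picks the nonce, so any collision prepared in advance is destroyed by randomness the attacker never saw. The truncation exists only to make the collision reproducible on a laptop; a real deployment would use a current digest such as SHA-256 and still benefit from signer-chosen randomness.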