lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Sat, 19 Feb 2005 21:40:55 -0700 (MST)
From: Joel Maslak <jmaslak@...elope.net>
To: bugtraq@...urityfocus.com
Subject: Re: Combining Hashes


On Sat, 19 Feb 2005, Felix Cuello wrote:

> SHA and MD5 are weak algorithms [and we do not use it since now]. But
> what about old digitally signed documents? There is a protocol to
> re-sign our old digitally signed documents [hashed using SHA or MD5]?

Not really.

One solution if someone has a large store of digitally signed documents
where the original signer is not available is to rehash them with a better
algorithm and use that hash to create a digital timestamp (of document +
original signature) that the document existed before this was easily
exploitable.  Then the original signature is still preserved and can be
verified, knowing that if there is a new timestamp of whatever date your
risk assessment decides is too late to be secure any longer, that then
the document was not compromised by these weaknesses.

That assumes of course that these are not trivial weaknesses to exploit.

I still advocate using multiple hashes and public key algorithms to sign
documents - for instance, 5 years ago I would have said to use RSA + MD5
and DSA + SHA1 to create two separate digital signatures for each
document.  I would have said the security was mathematically as strong as
the strongest individual signature.  I would not say that "Well, SHA1 is
168 bits and MD5 is 128 bits, so the security is 168+128 bits."  I would
have said, "I don't want to bet everything on the fact that there isn't
someone that finds a novel way to crack one of these algorithms due to a
weakness no one previously knew about."  None of the mathematical proofs
of strength can account for the "lucky break", but I can account for it
somewhat with risk management and multiple algorithms.

-- 
Joel

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ