Sum algorithm for fingerprint


Tio Oscar

Jun 26, 2015, 12:58:19 AM
to “perspectives-dev@googlegroups.com”
Hi, thanks to the other thread about "understanding notary reply", I realized the response has a unique fingerprint:

<key fp="e7:c7:57:de:0d:a7:78:62:b1:db:5f:1c:19:bb:e4:49" type="ssl">

And this response, with only one hash fingerprint, can result in a fingerprint cloning attack. Although this is difficult, in the absence of information about the size of the key it is possible with keys of a lower key size.

I think we need to send the fingerprint in the two most common hash algorithms, so:

<key type="ssl">
    <fp type="md5">...</fp>
    <fp type="sha1">...</fp>
</key>

Maybe with another format, to increment the collision probabilities; we can also send more information, like the key size, etc.

I'm sorry for my English, I hope it has been clear.

Dave Schaefer

Jul 8, 2015, 12:14:22 AM
to perspect...@googlegroups.com
Hi Tio,

Yes, the hash algorithm definitely needs to be updated. I would like
to use SHA256 or SHA512, both of which have much stronger collision
resistance and preimage resistance. Ideally we would compute both and
you can select the one(s) you want to see.

Upgrading the hash is an important issue on the Perspectives
Roadmap[1], and we have a separate ticket in GitHub for the server
portion[2] if you want to follow along. It is high priority on the
list once I add some testability to the scanner itself, to make sure
everything is working correctly.

Hope that helps


[1] https://github.com/danwent/Perspectives/wiki/Perspectives-Roadmap
[2] https://github.com/danwent/Perspectives-Server/issues/22
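
An added example, not part of the thread or the Perspectives code base: computing several fingerprints over the same bytes, serializing them in the `<fp type="...">` layout proposed in the first message, and checking an observed key against such a record without accepting a weak-hash-only match. The function names, the `minimum` parameter and the sample bytes are assumptions; the page does not say which bytes the notary hashes, so the input is treated as opaque.

```python
import hashlib
import xml.etree.ElementTree as ET

# Ordered weakest to strongest: md5 and sha1 come from the proposal in the
# first message, sha256 and sha512 from the reply.
ALGORITHMS = ("md5", "sha1", "sha256", "sha512")

# Constructed sample input standing in for whatever bytes the notary hashes.
SAMPLE_KEY = b"constructed sample key bytes"


def fingerprint(data: bytes, algorithm: str) -> str:
    """Colon-separated lowercase hex, the style of the fp attribute quoted above."""
    digest = hashlib.new(algorithm, data).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def build_key_element(data: bytes, algorithms=ALGORITHMS) -> str:
    """Serialize one <key> element carrying one <fp> child per algorithm."""
    key = ET.Element("key", {"type": "ssl"})
    for name in algorithms:
        ET.SubElement(key, "fp", {"type": name}).text = fingerprint(data, name)
    return ET.tostring(key, encoding="unicode")


def matches(key_xml: str, observed: bytes, minimum: str = "sha256") -> bool:
    """Accept only if every known fingerprint matches and at least one of
    them is at or above `minimum`, so a record listing only md5/sha1 is
    rejected instead of silently downgrading the check."""
    floor = ALGORITHMS.index(minimum)
    strong_seen = False
    for fp in ET.fromstring(key_xml).findall("fp"):
        name = fp.get("type")
        if name not in ALGORITHMS:
            continue  # unknown algorithm: ignored, never counted as a match
        if fingerprint(observed, name) != (fp.text or "").strip().lower():
            return False
        strong_seen = strong_seen or ALGORITHMS.index(name) >= floor
    return strong_seen


if __name__ == "__main__":
    record = build_key_element(SAMPLE_KEY)
    print(record)
    print("same key:", matches(record, SAMPLE_KEY))
    print("different key:", matches(record, b"some other key bytes"))
    weak = build_key_element(SAMPLE_KEY, ("md5", "sha1"))
    print("md5/sha1 only:", matches(weak, SAMPLE_KEY))
```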

Tio Oscar

Jul 9, 2015, 1:29:51 PM
to perspect...@googlegroups.com
Ok, I start to watch the repo. Thanks
