Re: Suggested changes for DSA2



On Sun, Mar 26, 2006 at 10:02:18AM -0800, "Hal Finney" wrote:

> > >      * The DSA algorithm will work with any hash, but it is
> > >        sensitive to the quality of the hash algorithm.  An implementation
> > >        should take care which hash algorithms are used with DSA.
> > >        Verifiers should be aware that even if the signer used a strong
> > >        hash, an attacker could have modified a signature to use a
> > >        weak one.  Only signatures issued using acceptably strong hash
> > >        algorithms should be accepted as valid.
> 
> On re-reading this I have two improvements.  The second sentence is
> redundant.  And the last sentence cautions verifiers about what hash
> was used when the sig was "issued", but the verifier doesn't know this
> (that is the point), it only knows what it sees:
> 
>      * The DSA algorithm will work with any hash, but it is
>        sensitive to the quality of the hash algorithm.  Verifiers
>        should be aware that even if the signer used a strong hash,
>        an attacker could have modified a signature to use a weak one.
>        Only signatures using acceptably strong hash algorithms should
>        be accepted as valid.

Yes, I made a similar change in the "round 2" changes for the same
reason.  I've fixed the redundant second sentence for round 3.

David
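
Added example, not part of the thread or of any OpenPGP implementation: one way a verifier can apply the rule in the revised text, deciding on the hash algorithm octet it sees in the signature packet before doing any DSA math. The algorithm IDs are the OpenPGP registry values from RFC 4880; the allowlist, the function names and the sample bytes are assumptions made for illustration.

```python
# Added example, not from the thread. Algorithm IDs follow the OpenPGP
# registry (RFC 4880); ACCEPTED_HASHES is an assumed local policy.
HASH_NAMES = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
PUBKEY_DSA = 17
ACCEPTED_HASHES = {8, 9, 10}  # assumption: SHA256/384/512 only


class PolicyError(Exception):
    """The signature names a hash algorithm the verifier does not accept."""


def signature_algorithms(body: bytes) -> tuple[int, int]:
    """Return (pubkey_alg, hash_alg) read from a signature packet body."""
    if not body:
        raise ValueError("empty signature packet")
    if body[0] == 4 and len(body) >= 4:
        # v4: version, signature type, public-key algorithm, hash algorithm
        return body[2], body[3]
    if body[0] == 3 and len(body) >= 17:
        # v3: version, length(=5), type, time(4), key ID(8), pubkey alg, hash alg
        return body[15], body[16]
    raise ValueError("unsupported or truncated signature packet")


def check_hash_policy(body: bytes) -> str:
    """Return the hash name if acceptable, else raise PolicyError.

    The decision uses only the hash octet present in the signature, which is
    all a verifier can see. Unknown IDs are rejected (fail closed).
    """
    _pubkey_alg, hash_alg = signature_algorithms(body)
    if hash_alg not in ACCEPTED_HASHES:
        name = HASH_NAMES.get(hash_alg, f"unknown({hash_alg})")
        raise PolicyError(f"hash {name} not accepted")
    return HASH_NAMES[hash_alg]


# Constructed sample headers: v4, type 0x00, DSA, then empty subpacket areas.
SAMPLE_SHA256 = bytes([4, 0x00, PUBKEY_DSA, 8, 0, 0, 0, 0])
SAMPLE_MD5 = bytes([4, 0x00, PUBKEY_DSA, 1, 0, 0, 0, 0])

if __name__ == "__main__":
    for sample in (SAMPLE_SHA256, SAMPLE_MD5):
        try:
            print("accepted:", check_hash_policy(sample))
        except PolicyError as exc:
            print("rejected:", exc)
```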