nospam-seesignature@ceddec.com
Mon, 6 Apr 1998 15:09:30 -0400
On Fri, 3 Apr 1998, Werner Koch wrote:
> Hi,
>
> I'm the author of the GNU Privacy Guard, a free PGP replacement.
>
> I'm using ElGamal signatures and wondering what are the advantages of
> packing the Hash into a structure of FF-padding, an ASN-OID and the Hash
> (this is the way PGP does it). None of the values aside of the Hash
> are used because the Hash algorithm is known from other fields in the
> packet. The big drawback is, that I have to do the calculation on a (say)
> 1024 bit number instead of an 160 bit number (the Hash) - PGP 5 only uses
> the 160 bit Hash (due to DSA).
Actually, PGP 5.0i has ElGamal signatures, but they are disabled by a
#define. An advantage might be that other libraries would store signed
hashes using the ASN-OID so you could call them instead of writing your
own, and would be compatible with an enabled PGP5.0i. There is a weakness
with certain generators and under certain conditions, which is why it was
left disabled. The paper describing the weakness was mentioned on the
ietf-Openpgp list, but I don't have the URL handy.
--- reply to tzeruch - at - ceddec - dot - com ---
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:16:52 ADT