Questions about generating keys (hash firewalls)
Robert J. Hansen
rjh at sixdemonbag.org
Fri Aug 24 22:15:18 CEST 2007
Oskar L. wrote:
> calculators designed to show very large numbers can show the result. Now I
> compare all the hashes from one picture to all the hashes from the other.
Doing a birthday attack is highly nontrivial. E.g., to do a birthday
attack on SHA256 requires a minimum, a _minimum_, of over 10**17 joules
to be liberated as heat. That's about as much as you'd get from an
entire full-out strategic nuclear exchange between the US and Russia.
You're talking global climate change at that point, along with potential
mass extinction of humanity. It's not pretty.
> Do hash firewalls have any drawbacks (performance decrease, difficult to
> implement, patent issues etc.)? What's the reason DSA doesn't have one?
Historical reasons. Nobody ever thought DSA would be used with anything
other than SHA-1, so if there's only one approved hash function, there's
no need for a hash firewall.
DSS explicitly requires SHA-1 as a hash.
More information about the Gnupg-users