digest-algo SHA256, SHA-1 attacks

NdK ndk.clanbo at gmail.com
Wed Nov 26 20:31:49 CET 2014

Il 26/11/2014 20:15, Peter Lebbing ha scritto:

> Has something like randomized hashing[2] been considered by the OpenPGP
> standardization people?
Well, IIUC with rhash you're giving the attacker another mean to tamper
with your message. Unless 'r' is chosen deterministically. But then it
can be predicted and could be accounted for... Maybe it could be more
effective to use two different hash functions, one to generate 'r' and
the other on the result?


More information about the Gnupg-users mailing list