[tahoe-dev] a crypto puzzle about digital signatures and future compatibility

James A. Donald jamesd at echeque.com
Tue Sep 1 00:45:04 PDT 2009


Zooko Wilcox-O'Hearn wrote:
>> So the leading bits of the capability have to be an algorithm 
>> identifier.  If Bob's tool does not recognize the algorithm, it fails, 
>> and he has to upgrade to a tool that recognizes more algorithms.
>>
>> If the protocol allows multiple hash types, then the hash has to start
>> with a number that identifies the algorithm.  Yet we want that number
>> to comprise very, very few bits.

> Jim, I'm not sure you understood the specific problem I meant -- I'm 
> concerned (for starters) with the problems that arise if we support more 
> than one secure hash algorithm *even* when none of the supported secure 
> hash algorithms ever becomes crackable!

I proceeded to address that problem.  The simplest and most obvious
solution, a self-delimiting prefix identifying the hash algorithm,
produces no problems whatever in the case that none of the algorithms
become crackable, and only acceptable problems during the transition
period after one of the algorithms becomes cracked.
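A concrete rendering of the self-delimiting prefix scheme discussed above, added here as an illustration; it is not code from Tahoe-LAFS or from either poster. It assumes a unary prefix-free code for the algorithm identifier (so the incumbent algorithm costs a single bit), a constructed two-entry algorithm registry, and a toy capability that is nothing more than identifier bits followed by digest bits.

```python
import hashlib
import hmac

# Constructed registry of the hash algorithms this tool knows: id -> (constructor, digest bits).
# Algorithm 0 is the one every tool ships with; higher ids are later additions.
ALGORITHMS = {0: (hashlib.sha256, 256), 1: (hashlib.sha3_256, 256)}


def encode_id(alg_id):
    # Unary, prefix-free code: n ones then a zero.  Algorithm 0 costs one bit,
    # algorithm 1 two bits, and the terminating zero makes it self-delimiting.
    return "1" * alg_id + "0"


def decode_id(bits):
    # Returns (alg_id, index of the first bit after the identifier).
    n = 0
    while n < len(bits) and bits[n] == "1":
        n += 1
    if n >= len(bits):
        raise ValueError("truncated inside the algorithm identifier")
    return n, n + 1


def make_capability(alg_id, data, algorithms=ALGORITHMS):
    # Capability = identifier bits || digest bits, zero-padded to a whole byte.
    ctor, nbits = algorithms[alg_id]
    digest = int.from_bytes(ctor(data).digest(), "big")
    bits = encode_id(alg_id) + format(digest, "0%db" % nbits)
    bits += "0" * (-len(bits) % 8)
    return int(bits, 2).to_bytes(len(bits) // 8, "big")


def check_capability(cap, data, known=ALGORITHMS):
    # Returns "valid", "invalid" or "unknown-algorithm".  The identifier is parsed
    # before anything else, so a tool that lacks the algorithm fails closed
    # (the "upgrade your tool" case) instead of guessing which hash was meant.
    bits = format(int.from_bytes(cap, "big"), "0%db" % (len(cap) * 8))
    alg_id, start = decode_id(bits)
    if alg_id not in known:
        return "unknown-algorithm"
    ctor, nbits = known[alg_id]
    if start + nbits > len(bits):
        raise ValueError("truncated inside the digest")
    claimed = int(bits[start:start + nbits], 2).to_bytes(nbits // 8, "big")
    ok = hmac.compare_digest(claimed, ctor(data).digest())
    return "valid" if ok else "invalid"
```

Passing a `known` registry that lacks algorithm 1 to `check_capability` reproduces the upgrade case: the capability is rejected as unknown rather than misverified.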
