> From: Joseph Ashwood [mailto:[EMAIL PROTECTED]]

> > From: "Darryl Wagoner" <[EMAIL PROTECTED]>
> > Subject: security in small signatures
> > I was wondering if using a 6 characters check signature (0-9A-Z)
> > could provide any trust level?
> > Are we talking about mins, hours, days or weeks to crack?

> You'd be looking at a fraction of a second. You'd be looking at a work
> effort of 36^3 = 216.

I'm sure Joseph knows all the following, but just to clarify:

With "36^3" Joseph's referring to finding two pre-images that hash to the
same image.  For that attack, the work effort would indeed be 36^3.  It's
not clear from Darryl's query whether his protocol is vulnerable to such an
attack (since we don't know what his protocol is for), but it's unlikely
that it isn't.

Finding a pre-image that hashes to a given image is effort 36^6, but that's
still only equivalent to about a 31-bit hash.  (6 * lg(36), where "lg" is
logarithm base 2, is about 31.)  Too short.

> Since you chose DSA (which won't work, you need the
> entire signature to verify DSA or any other signature algorithm) I'll just
> use its numbers:

> 36^3 = 216
> DSA sign = 1.77 milliseconds 
> (http://www.eskimo.com/~weidai/benchmarks.html)
> Time = 216*1.77 milliseconds = 0.38 seconds
> To find a collision.

And the choice of algorithm doesn't make much difference.  Even if you're
not worried about birthday attacks, 31 bits is not a big space.  Unless your
hash takes a *long* time to compute on even very fast equipment (in which
case it's rather useless as a hash), an attacker will find a suitable
pre-image very quickly.

> If you're looking for small signatures I'd recommend that you take a look at
> the Cryptonessie signatures (http://www.cryptonessie.org) A few of them
> offer small signatures.

But note in general that small signatures aren't going to be very secure.

Michael Wojcik             [EMAIL PROTECTED]
MERANT
Department of English, Miami University
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
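As an added illustration that is not part of the thread above: the numbers being discussed, worked out for a 6-character 0-9A-Z check value (bits of security, pre-image work, birthday bound), plus a birthday search against a hypothetical tag function (SHA-256 reduced to base 36, an assumption made here, not Darryl's scheme) that finds two messages with the same tag in about 36^3 hashes, i.e. in well under a second on ordinary hardware.

```python
import hashlib
import math
from typing import Callable, Optional, Tuple

ALPHABET = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"  # the 0-9A-Z alphabet from the question


def effective_bits(alphabet_size: int, length: int) -> float:
    """Security of a tag space of alphabet_size**length values, in bits: length * lg(alphabet_size)."""
    return length * math.log2(alphabet_size)


def preimage_effort(alphabet_size: int, length: int) -> int:
    """Worst-case work to hit one given tag: the whole tag space."""
    return alphabet_size ** length


def birthday_effort(alphabet_size: int, length: int) -> float:
    """Work to find any two inputs sharing a tag is roughly the square root of the space."""
    return math.sqrt(alphabet_size ** length)


def tag6(message: bytes) -> str:
    """Hypothetical 6-character check value (assumption): SHA-256 reduced mod 36**6, written in base 36."""
    value = int.from_bytes(hashlib.sha256(message).digest(), "big") % (36 ** 6)
    chars = []
    for _ in range(6):
        value, r = divmod(value, 36)
        chars.append(ALPHABET[r])
    return "".join(reversed(chars))


def find_collision(tag: Callable[[bytes], str], limit: int = 2_000_000) -> Optional[Tuple[bytes, bytes, int]]:
    """Birthday search: tag distinct constructed messages until two of them share a tag.

    Returns (first_message, second_message, hashes_computed), or None if the limit is reached.
    """
    seen = {}
    for i in range(limit):
        msg = b"constructed-message-%d" % i  # constructed sample input, not real data
        t = tag(msg)
        if t in seen:
            return seen[t], msg, i + 1
        seen[t] = msg
    return None


if __name__ == "__main__":
    print("effective bits:", round(effective_bits(36, 6), 2))       # about 31
    print("pre-image effort:", preimage_effort(36, 6))               # 36**6
    print("birthday effort:", int(birthday_effort(36, 6)))           # 36**3
    found = find_collision(tag6)
    if found:
        a, b, n = found
        print(f"collision after {n} hashes: {a!r} and {b!r} -> {tag6(a)}")
```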