diff options
| author | Nick Mathewson <nickm@torproject.org> | 2009-09-23 11:45:54 -0400 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2009-10-15 15:17:13 -0400 |
| commit | 0bce0161dded650ac6fa665a7b861d6faac9e91c (patch) | |
| tree | 2c4b465774c40101044b1eb4d2f4e360e3a4f4b7 /doc/spec | |
| parent | 3471057486a8aef0be6e74b090a3173e0794c84b (diff) | |
| download | tor-0bce0161dded650ac6fa665a7b861d6faac9e91c.tar tor-0bce0161dded650ac6fa665a7b861d6faac9e91c.tar.gz | |
Revise proposal 162: SHA256(x), not SHA256(SHA256(x))
The point of doing SHA256 twice is, generally, is to prevent message
extension attacks where an attacker who knows H(A) can calculate
H(A|B). But for attaching a signature to a document, the attacker
already _knows_ A, so trying to keep them from calculating H(A|B) is
pointless.
Diffstat (limited to 'doc/spec')
| -rw-r--r-- | doc/spec/proposals/162-consensus-flavors.txt | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/doc/spec/proposals/162-consensus-flavors.txt b/doc/spec/proposals/162-consensus-flavors.txt index 56a0b0e1a..e257205bb 100644 --- a/doc/spec/proposals/162-consensus-flavors.txt +++ b/doc/spec/proposals/162-consensus-flavors.txt @@ -148,11 +148,10 @@ Spec modifications: 4.1. The "sha256" signature format. The 'SHA256' signature format for directory objects is defined as - the RSA signature of the OAEP+-padded SHA256 digest of the SHA256 - digest of the item to be signed. When checking signatures, - the signature MUST be treated as valid if the signature material - begins with SHA256(SHA256(document)); this allows us to add other - data later. + the RSA signature of the OAEP+-padded SHA256 digest of the item to + be signed. When checking signatures, the signature MUST be treated + as valid if the signature material begins with SHA256(document); + this allows us to add other data later. Considerations: |