We have a problem with asymmetric crypto: We currently use DSA for SSKs. DSA, as specified in FIPS 186-2, has a 1024 bit keylength and the message hash must be 160 bit SHA-1. We have 3 DSA groups in freenet/crypt/Global.java. Each of these has a 1024 bit p and a 160 bit q, which in practice means that SSK pubkeys (or node pubkeys when we use it for authentication) will be 1024 bits, and we can only use a 160-bit hash. FIPS 186-2 does not specify specific groups, but explains how to create your own groups in a secure manner.
In the last year or so, a Chinese cryptographer, Professor Wang, has devised a (so far theoretical, as it is 2^69) attack on SHA-1. Since "attacks always get better" (Bruce Schneier I think), it is prudent to move to SHA-256, which has a longer output length, and is less likely to be subject to the same attacks. Therefore, in Freenet 0.7 we use SHA-256 as our hash function everywhere. There are other hash functions we could use, but only SHA-256 has sufficient credibility.

Therefore, we have a problem:
- Our existing groups can only handle 160-bit message hashes.
- Our existing groups are 1024 bit for keys. This is too short. Longer keys would be more secure.

Should we:
a) Adapt the method from FIPS 186-2 for generating groups, and create a new group with 1536 or 2048 bits p, and 256 bits q? (Can the specified method produce weak/dangerous groups?)
b) Stick with 160-bit hashes and small keys for now? (We may be stuck with it until 1.0 if so...)
c) Do something else?

References:
http://en.wikipedia.org/wiki/Digital_Signature_Algorithm
http://csrc.nist.gov/cryptval/dss.htm

-- 
Matthew J Toseland - toad at amphibian.dyndns.org
Freenet Project Official Codemonkey - http://freenetproject.org/
ICTHUS - Nothing is impossible. Our Boss says so.
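The size mismatch the post describes (a 160-bit q next to a 256-bit hash) can be made concrete in code. The following is an added example, not Freenet's code and not the groups in freenet/crypt/Global.java: it generates a toy DSA group with chosen bit lengths for p and q using a simplified version of the probable-prime procedure in the later FIPS 186-3 revision (no seed/counter bookkeeping, so it is for illustration only, not for producing real groups), validates the group's structure, and applies the FIPS 186-3 rule that the message representative z is the leftmost min(N, outlen) bits of the hash, where N is the bit length of q. With N = 160 and SHA-256, 96 of the 256 hash bits are simply discarded; with N = 256 the whole digest is used. Bit lengths in the test are kept small so it runs in seconds; a practitioner would use 2048/256 or larger.

```python
"""Toy DSA group generation and hash-to-q mapping (constructed example).

Simplified from the FIPS 186-3 Appendix A.1.1.2 shape (probable primes),
without the seed/counter outputs that let a third party verify how the
group was derived. Standard library only; small sizes are for demonstration.
"""
import hashlib
import secrets


def is_probable_prime(n: int, rounds: int = 40) -> bool:
    """Miller-Rabin test with `rounds` random bases (trial division first)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


def generate_dsa_group(L: int, N: int):
    """Return (p, q, g): p an L-bit prime, q an N-bit prime, q | p-1, ord(g) = q."""
    while True:
        q = secrets.randbits(N) | (1 << (N - 1)) | 1  # odd, exactly N bits
        if not is_probable_prime(q):
            continue
        for _ in range(4 * L):  # bounded search for p = 1 (mod 2q) in range
            X = secrets.randbits(L) | (1 << (L - 1))
            c = X % (2 * q)
            p = X - (c - 1)  # p is congruent to 1 modulo 2q
            if p >= (1 << (L - 1)) and is_probable_prime(p):
                break
        else:
            continue  # no suitable p for this q; pick another q
        h = 2
        while True:  # g = h^((p-1)/q) mod p; any h giving g > 1 works
            g = pow(h, (p - 1) // q, p)
            if g > 1:
                return p, q, g
            h += 1


def validate_dsa_group(p: int, q: int, g: int, L: int, N: int) -> bool:
    """Structural checks a verifier should make before trusting (p, q, g)."""
    return (
        p.bit_length() == L
        and q.bit_length() == N
        and is_probable_prime(p)
        and is_probable_prime(q)
        and (p - 1) % q == 0
        and 1 < g < p
        and pow(g, q, p) == 1
    )


def hash_to_z(message: bytes, N: int, hash_name: str) -> int:
    """FIPS 186-3 rule: z = leftmost min(N, outlen) bits of Hash(message).

    A 160-bit q paired with SHA-256 keeps only the first 160 bits of the
    digest; the remaining 96 bits contribute nothing to the signature.
    """
    digest = hashlib.new(hash_name, message).digest()
    outlen = len(digest) * 8
    z = int.from_bytes(digest, "big")
    return z >> (outlen - N) if outlen > N else z


def dsa_keygen(p: int, q: int, g: int):
    x = 1 + secrets.randbelow(q - 1)  # private key in [1, q-1]
    return x, pow(g, x, p)


def dsa_sign(p, q, g, x, message: bytes, hash_name: str):
    z = hash_to_z(message, q.bit_length(), hash_name)
    while True:
        k = 1 + secrets.randbelow(q - 1)  # fresh per-signature nonce
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (z + x * r)) % q
        if s != 0:
            return r, s


def dsa_verify(p, q, g, y, message: bytes, sig, hash_name: str) -> bool:
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    z = hash_to_z(message, q.bit_length(), hash_name)
    w = pow(s, -1, q)
    v = (pow(g, (z * w) % q, p) * pow(y, (r * w) % q, p) % p) % q
    return v == r
```

Running `generate_dsa_group(2048, 256)` with this pure-Python code takes minutes, which is why real implementations use a hardened library routine and publish the seed and counter alongside the group so others can re-derive it; the structural checks in `validate_dsa_group` are the minimum a node should apply to any group it is handed.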