Revise proposal 162: SHA256(x), not SHA256(SHA256(x))

The point of doing SHA256 twice is, generally, to prevent message
extension attacks where an attacker who knows H(A) can calculate
H(A|B).  But for attaching a signature to a document, the attacker
already _knows_ A, so trying to keep them from calculating H(A|B) is
pointless.
Nick Mathewson 2009-09-23 11:45:54 -04:00
parent 3471057486
commit 0bce0161dd

@ -148,11 +148,10 @@ Spec modifications:
4.1. The "sha256" signature format.
The 'SHA256' signature format for directory objects is defined as
the RSA signature of the OAEP+-padded SHA256 digest of the SHA256
digest of the item to be signed. When checking signatures,
the signature MUST be treated as valid if the signature material
begins with SHA256(SHA256(document)); this allows us to add other
data later.
the RSA signature of the OAEP+-padded SHA256 digest of the item to
be signed. When checking signatures, the signature MUST be treated
as valid if the signature material begins with SHA256(document);
this allows us to add other data later.
Considerations:
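Review bot: the replacement text still describes the signed digest as "OAEP+-padded" (the new line "the RSA signature of the OAEP+-padded SHA256 digest of the item to be signed"), but OAEP+ is an RSA encryption padding, not a signature padding; since this revision already rewrites the sentence, it would be worth naming the signature padding actually intended (PSS or PKCS#1 v1.5) or stating why OAEP+ is used, so implementers do not have to guess. Also, keeping "the signature MUST be treated as valid if the signature material begins with SHA256(document)" means verifiers ignore any bytes after the digest; that is the intended extension point, but the spec should say that such trailing data is covered by the signature yet unchecked by this rule, so future additions define their own checks.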