[dnssec-deployment] DNSSEC in Russia
dol at cryptocom.ru
Fri Apr 3 06:28:30 EDT 2009
Paul Hoffman пишет:
> At 4:59 PM -0400 4/2/09, Edward Lewis wrote:
>> At 13:18 -0700 4/2/09, Paul Hoffman wrote:
>>> ...with a signature algorithm that has had little cryptographic analysis done
>>> that could be verified by other cryptographers (and for which there is
>>> already some damaging analysis that can be found trivially with Google).
>>> Why should the root sign with such an algorithm?
>> Why shouldn't it?
Sorry to intervene into DNSsec thread with cryptographic stuff but it
seems necessary in order to break the hypnotism of the only speaker
repeating some mantra to audience.
> Because signing with a weak algorithm can lead to cryptographic attacks on the data that is signed. In specific, if the hash algorithm has a preimage attack (as has already been suggest for GOST in a recent paper), then an attacker can possibly create false signatures.
In simple words:
- "strength" of the algorithm is considered to be proportional to the
qantity of operations necessary to break it (get plaintext, or key, or
colliding hash, etc.)
- there is obvious dependency between key length and "strength"
- there could be methods which lowers "strength" of algorithm
effectively reducing computational burden necessary for breaking it,
these methods are called "attacks"
- some of these "attacks" are practical (can be used for getting real
benefit in process of breaking) and some of them are "impractical"
(cannot be realised and have only speculative meaning)
The referred article is a pure example of "impractical" "attack".
The reason is that for its implementation (getting real benefit of
reducing computational expences) one have to have a lot of memory, a
_real_ _lot_ of memory - say if we convert all the atoms in the Sun to
memory cells than it will be enough memory to implement so-called
I have no knowledge about _any_ movements from authoritative side in
order to react in _any_ way to this so-called "attack". And I understand
the reason: this "attack" can not be realised in decades (or even
centuries ;) ), so it does not impact the real strength of algorithm.
I feel necessary to give this explanation to the audience and promise to
refrain from discussing crypto issues in this list except in cases of
some blatant statements will be done again.
Sorry once again for intervention.
More information about the Dnssec-deployment