On 9/5/06, Michael Rogers <m.rogers at cs.ucl.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Matthew Toseland wrote:
> > We will be using STS, at least initially. Which means checking a
> > signature.
>
> Cool, IANAC but I think we should be OK.

As long as we're signing the data, not its hash; in normal use, one signs
the hash of the data for compute cost reasons (and IIRC there are security
reasons too, but I don't have Applied Cryptography in front of me right
now). That is secure as long as there is second preimage resistance, but
the hash function *is* security critical.

Evan
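The point Evan makes, that a hash-then-sign scheme is only as strong as the hash's second-preimage resistance, can be seen directly with a small experiment. The following is an added illustration, not code from this thread or from the Freenet project: it uses a toy textbook-RSA key (two known Mersenne primes, no padding, constructed here purely for demonstration) and lets the caller choose what the signature binds: the raw data, a deliberately weak 16-bit checksum, or SHA-256. The messages and the `hash_binding_check` helper are constructed for the example.

```python
import hashlib

# Toy textbook RSA built from two known Mersenne primes (2^127-1 and 2^521-1).
# Constructed for illustration only: no padding, no blinding, not for real use.
P = 2**127 - 1
Q = 2**521 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # modular inverse; requires Python 3.8+


def identity(msg: bytes) -> bytes:
    """'Hash' that returns the data itself: sign the data, not a digest."""
    return msg


def weak_hash(msg: bytes) -> bytes:
    """Toy 16-bit checksum (byte sum mod 2^16). Deliberately NOT second-preimage
    resistant: any reordering of the bytes produces the same digest."""
    return (sum(msg) % 65536).to_bytes(2, "big")


def sha256(msg: bytes) -> bytes:
    """A real, second-preimage-resistant hash for comparison."""
    return hashlib.sha256(msg).digest()


def sign(msg: bytes, h) -> int:
    """Sign h(msg) with the private exponent; h selects what the signature binds."""
    digest = int.from_bytes(h(msg), "big")
    assert digest < N, "signed value must be smaller than the modulus"
    return pow(digest, D, N)


def verify(msg: bytes, sig: int, h) -> bool:
    """Recover the signed value with the public exponent and compare to h(msg)."""
    return pow(sig, E, N) == int.from_bytes(h(msg), "big")


def hash_binding_check(h) -> dict:
    """Sign one message, then report whether a *different* message with the same
    digest under h is accepted by the same signature. Sample inputs are constructed."""
    original = b"transfer 100 to alice"
    altered = b"transfer 001 to alice"   # same multiset of bytes, different meaning
    sig = sign(original, h)
    return {
        "original_verifies": verify(original, sig, h),
        "altered_verifies": verify(altered, sig, h),
    }


if __name__ == "__main__":
    for name, h in (("identity", identity), ("weak_hash", weak_hash), ("sha256", sha256)):
        print(name, hash_binding_check(h))
```

Signing the data directly or via SHA-256 rejects the altered message; with the weak checksum the original signature still verifies on it, which is exactly why the hash function becomes part of the signature scheme's security assumptions the moment one signs a digest instead of the data.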
