On Sat, 19 Feb 2005, Felix Cuello wrote: > SHA and MD5 are weak algorithms [and we do not use it since now]. But > what about old digitally signed documents? There is a protocol to > re-sign our old digitally signed documents [hashed using SHA or MD5]? Not really. One solution if someone has a large store of digitally signed documents where the original signer is not available is to rehash them with a better algorithm and use that hash to create a digital timestamp (of document + original signature) that the document existed before this was easily exploitable. Then the original signature is still preserved and can be verified, knowing that if there is a new timestamp of whatever date your risk assessment decides is too late to be secure any longer, that then the document was not compromised by these weaknesses. That assumes of course that these are not trivial weaknesses to exploit. I still advocate using multiple hashes and public key algorithms to sign documents - for instance, 5 years ago I would have said to use RSA + MD5 and DSA + SHA1 to create two separate digital signatures for each document. I would have said the security was mathematically as strong as the strongest individual signature. I would not say that "Well, SHA1 is 168 bits and MD5 is 128 bits, so the security is 168+128 bits." I would have said, "I don't want to bet everything on the fact that there isn't someone that finds a novel way to crack one of these algorithms due to a weakness no one previously knew about." None of the mathematical proofs of strength can account for the "lucky break", but I can account for it somewhat with risk management and multiple algorithms. -- Joel
