Re: dpkg-sig support wanted?

[Florian Weimer <fw@deneb.enyo.de>]

* Steinar H. Gunderson:

> On Sat, Nov 26, 2005 at 10:59:57AM +0100, Florian Weimer wrote:
>> So?  If SHA256 is so much better, why is that nobody can prove it, or
>> at least can provide some evidence which supports that claim?  "The
>> numbers are bigger" is the main argument at this point, which is
>> awfully similar to the usual snake-oil arguments (although there is a
>> slight difference, of course).
>
> In the world of cryptography, _proving_ security is rather difficult.

That's why I wrote "some evidence".  Things like "nobody managed so
far to extend attacks A, B, C beyond k rounds" are pretty weak.

> All you can say is "well, nobody have made any real progress towards
> this yet", and then estimate approximately how much work has
> actually been done with regard to breaking it.

There are cryptosystems where attacks (in some well-defined sense, of
course) are provably equivalent to some other problem which is
believed to be hard (factoring, RSA).

However, there are also cryptosystems which were shown to have such
properties, but where the proof was wrong.  General OAEP was such a
case, IIRC.

>> In terms of security, there are some better hash functions.  But those
>> are academic designs, most of them based on big integer arithmetic
>> instead of bit fiddling.  Currently, nobody seems to be willing to pay
>> the price that comes with them.
>
> Well, the number theory-based hashes are interesting, but they
> haven't been around for a very long time (and aren't widely used
> yet), so nobody really knows how well they will fare in the long
> run.

Some of these systems have provable security properties, which might
increase confidence despite their lack of age.

> The other part of the price is of course speed.

Yes, this is the primary problem, it seems.