Sign with salt
Posted Jun 30, 2009 12:00 UTC (Tue) by forthy
Parent article: Dealing with weakness in SHA-1
One way to improve the strength of a signature is to sign with salt,
i.e. sign random number + document instead of document alone (you can put
the random number into the hash key accumulator as starting point). This
basically removes the possibility of creating, in advance, a pair of
documents that will result in the same hash, because the random number of the
signer is still unknown (unless of course, the hash has a vulnerability,
where a known sequence of bytes removes the history in the accumulator).
This is a remedy that can be implemented right now, even with SHA-1.
Several of the SHA-3 proposals recommend something in that direction,
though e.g. Bruce Schneier recommends starting with your public key as
salt - this is less useful, since the public key is known to the attacker.
Though a document with several signers makes it a lot more difficult for
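The scheme described in the comment above, as an added example that is not part of the original post: a colliding pair prepared in advance passes under an unsalted signature and fails once the signer prepends a fresh random salt. Assumptions: SHA-1 is truncated to 32 bits so a collision can be found in seconds, HMAC stands in for a public-key signature, and all names and documents are hypothetical.

```python
import hashlib
import hmac
import secrets
from itertools import count

TRUNC = 4                       # keep 32 bits of SHA-1: a toy digest, weak on purpose
KEY = b"constructed demo key"   # HMAC below stands in for a real public-key signature

def digest(doc: bytes, salt: bytes = b"") -> bytes:
    # Salt is hashed first, so it sets the accumulator state before the document.
    return hashlib.sha1(salt + doc).digest()[:TRUNC]

def find_collision(prefix_a: bytes, prefix_b: bytes):
    """Birthday search for one document per prefix with equal unsalted digests."""
    seen_a, seen_b = {}, {}
    for i in count():
        a, b = prefix_a + str(i).encode(), prefix_b + str(i).encode()
        da, db = digest(a), digest(b)
        seen_a[da], seen_b[db] = a, b
        if da in seen_b:
            return a, seen_b[da]
        if db in seen_a:
            return seen_a[db], b

def sign(doc: bytes, salted: bool = True):
    # The signer draws the salt only at signing time; it travels with the signature.
    salt = secrets.token_bytes(16) if salted else b""
    return salt, hmac.new(KEY, salt + digest(doc, salt), hashlib.sha256).digest()

def verify(doc: bytes, sig) -> bool:
    salt, tag = sig
    expected = hmac.new(KEY, salt + digest(doc, salt), hashlib.sha256).digest()
    return hmac.compare_digest(tag, expected)

if __name__ == "__main__":
    # Constructed documents: the pair is prepared before any signature exists.
    benign, evil = find_collision(b"Pay 10 EUR, ref ", b"Pay 9000 EUR, ref ")
    print(benign, evil, digest(benign).hex())
    print("unsalted signature also covers evil:", verify(evil, sign(benign, salted=False)))
    print("salted signature also covers evil:  ", verify(evil, sign(benign)))
```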