[Cryptography] Is storing a hash of a private key a security risk?

Jeff Burdges burdges at gnunet.org
Tue Apr 12 16:33:12 EDT 2016


On Tue, 2016-04-12 at 11:13 +0000, Peter Gutmann wrote:
> Is storing a hash of a private key a security risk?

It depends on the "huge amount of details".

I presume you mean the private key corresponding to some public key that
appears elsewhere.  

Is that public key generally available?  If so, then a modern hash
function like SHA2, SHA3, etc. is far harder to invert than that public
key derivation function.  It's no weaker in any real sense. 

Is there a constraint on the hash function?  If so, what?  We're
worried about SHA1 for birthday attacks, but presumably an inversion
attack remains far-fetched.  I dunno if MD5 poses a risk, but maybe. 

Can you pad the key record inside the device with random noise known to
you?  Does the device just hash all its memory for example?  If so, that
extra entropy adds (information theoretic) security, strengthening even
a crap hash like MD5.  Please do tell us the hash function though. 

If you're still worried, then why can't you just do a trial signature or
decryption with a test vector?  It's slower, but you only need to do it
occasionally. 

Jeff
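
The two checks suggested in the message above (hashing a key record padded with random noise, and a trial signature over a test vector), as an added example that is not part of the original post. The function names, the choice of SHA-256 and the toy unpadded RSA key built from two Mersenne primes are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def make_record(key: bytes, pad_len: int = 32):
    """Key record = key || random pad; return (record, SHA-256 of the record)."""
    record = key + secrets.token_bytes(pad_len)
    return record, hashlib.sha256(record).digest()

def record_intact(record: bytes, stored_digest: bytes) -> bool:
    """Integrity check done inside the device, which holds the full record."""
    return hmac.compare_digest(hashlib.sha256(record).digest(), stored_digest)

def confirms_key(candidate: bytes, stored_digest: bytes) -> bool:
    """True if the digest alone is enough to confirm a candidate key."""
    return hmac.compare_digest(hashlib.sha256(candidate).digest(), stored_digest)

# Constructed toy RSA key (two Mersenne primes, no padding): illustration only.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent

def trial_signature_ok(d: int, n: int = N, e: int = E) -> bool:
    """Sign a fixed test vector with d and verify it with the public key."""
    m = int.from_bytes(hashlib.sha256(b"test vector").digest(), "big") % n
    return pow(pow(m, d, n), e, n) == m

def demo() -> dict:
    key = D.to_bytes(27, "big")  # N is 216 bits, so D fits in 27 bytes
    record, padded_digest = make_record(key)
    damaged = bytes([record[0] ^ 1]) + record[1:]  # single flipped bit
    return {
        "intact": record_intact(record, padded_digest),
        "damaged_detected": not record_intact(damaged, padded_digest),
        "bare_digest_confirms_key": confirms_key(key, hashlib.sha256(key).digest()),
        "padded_digest_confirms_key": confirms_key(key, padded_digest),
        "trial_signature": trial_signature_ok(D),
        "trial_signature_corrupt_d": trial_signature_ok(D ^ 1),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A digest of the bare key works as a check value for any candidate key, while the digest of the padded record does not unless the pad is also known; the trial signature detects a corrupted private exponent without storing any digest at all.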

