EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Use customized hash algorithm

#7840
Posted: 10/11/2008 03:36:48
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

May I use my custom hashing algorithm (that I have developed) instead of MD5 (for example) to generate a certificate?

Thanks.
#7841
Posted: 10/11/2008 04:06:22
by Ken Ivanov (EldoS Corp.)

Thank you for contacting us.

The exact answer is yes, however, you will need to resolve a number of extra technical tasks to achieve it. The need to be conformant to the X.509 standard will require you to set up the necessary object identifiers (OIDs) for those new algorithms. Besides, third-party software vendors will not be able to validate your certificates.

On the other hand, there should be a very serious reason not to use the commonly used standard algorithms. Most public cryptographic algorithms have been deeply investigated and proved to be stable and secure.
#7842
Posted: 10/11/2008 06:24:36
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks for your answer.
Is it possible that IE or Firefox cannot validate this certificate, or have a problem with this certificate?
#7843
Posted: 10/11/2008 06:35:52
by Ken Ivanov (EldoS Corp.)

Since neither IE nor Firefox knows your hash algorithm, they will be unable to validate such certificates.
#7844
Posted: 10/12/2008 00:45:20
by Mohammad Khorsandi (Basic support level)
Joined: 05/05/2008
Posts: 34

Thanks,
Can you tell me what extra technical tasks I must resolve? And what OIDs I must change?

Thanks for your cooperation.

Quote
Innokentiy Ivanov wrote:
The exact answer is yes, however, you will need to resolve a number of extra technical tasks to achieve it. The need to be conformant to the X.509 standard will require you to set up the necessary object identifiers (OIDs) for those new algorithms.
#7845
Posted: 10/13/2008 00:44:42
by Ken Ivanov (EldoS Corp.)

Quote
Can you tell me what extra technical tasks I must resolve?

I. Common tasks (not specific to some particular implementation):

1. Reserve an object identifier for your hash algorithm.
2. Reserve an object identifier for the signature algorithm based on your hash algorithm.
3. Create the necessary ASN.1 structures for storing key material and signature values (optional).

II. Technical SBB-specific tasks:

1. Extend the built-in cryptographic provider with support for your hash algorithm.
2. Extend TElX509Certificate with support for the necessary OIDs and the corresponding redirections to the cryptographic provider.
3. Extend X.509-related classes (TElCertificateRequest, TElCertificateRevocationList etc.) with support for your hash algorithm.

Actually, I see no reason for using custom hash algorithms (except the need to be compatible with some third-party software). There are at least two advantages of using the existing standardized algorithms:
a) as such algorithms are standardized, they are understood by all the software on the market,
b) all such algorithms have been thoroughly studied by cryptanalysts and proved to provide a high security level.
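
Added example (not part of the thread and not SecureBlackbox code) showing why a validator without the new OID cannot check such a certificate: it DER-encodes the certificate's signature `AlgorithmIdentifier` and resolves it against the validator's algorithm table. The custom OID uses a placeholder enterprise arc (`1.3.6.1.4.1.99999`), the name `customHashWithRSA` is hypothetical, and NULL parameters are assumed.

```python
# Added example: how a validator resolves a certificate's signatureAlgorithm OID.
# Only short-form DER lengths and first arcs 0 or 1 are handled, which is
# enough for the OIDs used here.

KNOWN_SIG_ALGS = {  # signature OIDs that mainstream X.509 validators recognise
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
# Task I.2 from the post: signature OID built on the custom hash.
# Placeholder arc, constructed for illustration only.
CUSTOM_SIG_OID = "1.3.6.1.4.1.99999.1.2"


def encode_oid(dotted):
    """DER-encode an OBJECT IDENTIFIER (tag 0x06)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]              # last base-128 digit, high bit clear
        while arc > 0x7F:
            arc >>= 7
            chunk.insert(0, 0x80 | (arc & 0x7F))
        body.extend(chunk)
    return bytes([0x06, len(body)]) + bytes(body)


def algorithm_identifier(dotted):
    """AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters NULL }."""
    content = encode_oid(dotted) + b"\x05\x00"
    return bytes([0x30, len(content)]) + content


def decode_oid(der):
    """Parse an AlgorithmIdentifier and return its OID in dotted form."""
    if der[0] != 0x30 or der[2] != 0x06:
        raise ValueError("not an AlgorithmIdentifier")
    body = der[4:4 + der[3]]
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for byte in body[1:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:               # high bit clear ends this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def resolve(der, extra=None):
    """Return the algorithm name, or None when the validator cannot verify."""
    return dict(KNOWN_SIG_ALGS, **(extra or {})).get(decode_oid(der))
```

`resolve(algorithm_identifier(CUSTOM_SIG_OID))` returns `None`, which is the browser's position; only a validator given the extra mapping (and the matching hash implementation) can proceed.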