[11441] in cryptography@c2.net mail archive
Re: adding noise blob to data before signing
daemon@ATHENA.MIT.EDU (Nomen Nescio)
Sat Aug 10 15:06:19 2002
From: Nomen Nescio <nobody@dizum.com>
To: cryptography@wasabisystems.com
Date: Sat, 10 Aug 2002 20:40:21 +0200 (CEST)
Eugen Leitl asked:
> 1) What's the name of the technique of salting/padding an small integer
> I'm signing with random data?
You shouldn't need to salt/pad with random data, fixed data should be
OK.
> 2) If I'm signing above short (~1 kBit) sequences, can I sign them
> directly, or am I supposed to hash them first? (i.e. does a presence
> of an essentially fixed field weaken the signature)
Derek Atkins replied:
> It depends on the signature algorithm. With RSA you can sign any
> message "directly" if said message is smaller than the public key size
> (N). DSA, however, requires the use of a hash.
Actually, depending on the data being signed, it can be important to
hash for RSA. After all, RSA is existentially forgeable: anyone can
forge a signature on a *random* value (if C=M^e mod n, then M is a
signature on C). They might be able to try some large number of sigs
until they got a random value which looked enough like legitimate data
to be accepted - especially possible if the 1kbit value being signed
holds dense, random-ish binary data.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
