An authentication question
Adam Fields
fields at surgam.net
Mon Aug 5 23:32:28 EDT 2002
On Mon, Aug 05, 2002 at 11:21:03PM +0100, Matthew Byng-Maddick wrote:
> On Mon, Aug 05, 2002 at 04:44:28PM -0400, Jack Lloyd wrote:
> > In the second version, any random user (or script) could upload very large
> > files, wasting your bandwidth, and also CPU time when you check the sig. Or
> > lots and lots of really small files, which would swamp your CPU(s) trying
> > to check 500 sigs a second (makes for a good DDOS).
>
> public key operations are significantly faster than private key ones. So it
> is far easier to check 500 sigs than to generate them in the first place.
If I remember correctly, that's not necessarily the case, but it's
also only relevant if you assume that the attacker is generating valid
signatures (why would they bother, since they won't check out anyway?)
and not just throwing random bitstrings at you.
--
- Adam
-----
Adam Fields, Managing Partner, fields at surgam.net
Surgam, Inc. is a technology consulting firm with strong background in
delivering scalable and robust enterprise web and IT applications.
Ask about Vignette maximization: http://www.surgam.net/vignette.html
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list