An authentication question
Roy M.Silvernail
roy at sendai.scytale.com
Tue Aug 6 06:47:34 EDT 2002
On Monday 05 August 2002 05:21 pm, you wrote:
> On Mon, Aug 05, 2002 at 04:44:28PM -0400, Jack Lloyd wrote:
> > In the second version, any random user (or script) could upload very
> > large files, wasting your bandwidth, and also CPU time when you check the
> > sig. Or lots and lots of really small files, which would swamp your
> > CPU(s) trying to check 500 sigs a second (makes for a good DDOS).
>
> public key operations are significantly faster than private key ones. So it
> is far easier to check 500 sigs than to generate them in the first place.
Yes, but for a DoS attack, the signatures need not be good. They only need a
well-formed envelope.
--
Roy M. Silvernail [ ] roy at scytale.com
DNRC Minister Plenipotentiary of All Things Confusing, Software Division
PGP Key 0x1AF39331 : 71D5 2EA2 4C27 D569 D96B BD40 D926 C05E
Key available from pubkey at scytale.com
I charge to process unsolicited commercial email
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list