An authentication question
Matt Crawford
crawdad at fnal.gov
Tue Aug 6 10:27:10 EDT 2002
> > In the second version, any random user (or script) could upload very large
> > files, wasting your bandwidth, and also CPU time when you check the sig. Or
> > lots and lots of really small files, which would swamp your CPU(s) trying
> > to check 500 sigs a second (makes for a good DDOS).
>
> public key operations are significantly faster than private key ones. So it
> is far easier to check 500 sigs than to generate them in the first place.
If the sig is not going to be accepted anyway, there's no need to compute it.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list