adding noise blob to data before signing
Eric Rescorla
ekr at rtfm.com
Sat Aug 10 13:23:40 EDT 2002
Derek Atkins <derek at ihtfp.com> writes:
> Eugen Leitl <eugen at leitl.org> writes:
>
> > 2) If I'm signing above short (~1 kBit) sequences, can I sign them
> > directly, or am I supposed to hash them first? (i.e. does a presence
> > of an essentially fixed field weaken the signature)
>
> It depends on the signature algorithm. With RSA you can sign any
> message "directly" if said message is smaller than the public key size
> (N). DSA, however, requires the use of a hash.
>
> Note that, in the grand scheme of things, performing the public key
> operation is significantly slower than performing the hash, so it
> really doesn't hurt you computationally to perform the hash. OTOH,
> your signature strength still depends on the strength of your hash.

It's generally a bad idea to sign RSA data directly. The RSA
primitive is actually quite fragile. At the very least you should
PKCS-1 pad the data.

-Ekr
--
[Eric Rescorla ekr at rtfm.com]
http://www.rtfm.com/
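
An added illustration, not part of the original post: one concrete way the bare RSA primitive is fragile is that it is multiplicative, so two raw signatures combine into a valid raw signature on a value the signer never saw, while the same combination fails under PKCS #1 v1.5 signature padding. The key is a constructed toy key built from two Mersenne primes, and all function names are this example's own.

```python
import hashlib

# Constructed demo key from two Mersenne primes: NOT a secure key, illustration only.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes
# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def raw_sign(m: int) -> int:
    """Textbook RSA: the bare primitive applied to the message itself."""
    return pow(m, D, N)

def raw_verify(m: int, s: int) -> bool:
    return pow(s, E, N) == m % N

def emsa_pkcs1_v15(msg: bytes) -> int:
    """EMSA-PKCS1-v1_5 block: 00 01 FF..FF 00 || DigestInfo || SHA-256(msg)."""
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    em = b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t
    return int.from_bytes(em, "big")

def padded_sign(msg: bytes) -> int:
    return pow(emsa_pkcs1_v15(msg), D, N)

def padded_verify(msg: bytes, s: int) -> bool:
    # Re-encode and compare the full block instead of parsing the padding.
    return pow(s, E, N) == emsa_pkcs1_v15(msg)

def demo():
    m1, m2 = 0x1234, 0x5678  # constructed short messages
    # Raw: sig(m1) * sig(m2) mod N verifies for m1 * m2, which was never signed.
    combined = raw_sign(m1) * raw_sign(m2) % N
    raw_accepts = raw_verify(m1 * m2, combined)
    # Padded: the product of two encoded blocks is not the encoding of anything
    # useful, so the same combination is rejected.
    a, b = m1.to_bytes(2, "big"), m2.to_bytes(2, "big")
    c = (m1 * m2).to_bytes(4, "big")
    combined_padded = padded_sign(a) * padded_sign(b) % N
    padded_accepts = padded_verify(c, combined_padded)
    return raw_accepts, padded_accepts

if __name__ == "__main__":
    print("raw accepts combined signature: %s, padded accepts: %s" % demo())
```

In practice the padding and verification come from a vetted cryptographic library, not from hand-written code like this.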
---------------------------------------------------------------------
The Cryptography Mailing List