adding noise blob to data before signing
Nomen Nescio
nobody at dizum.com
Sat Aug 10 14:40:21 EDT 2002
Eugen Leitl asked:
> 1) What's the name of the technique of salting/padding a small integer
> I'm signing with random data?
You shouldn't need to salt/pad with random data, fixed data should be
OK.
> 2) If I'm signing above short (~1 kBit) sequences, can I sign them
> directly, or am I supposed to hash them first? (i.e. does a presence
> of an essentially fixed field weaken the signature)
Derek Atkins replied:
> It depends on the signature algorithm. With RSA you can sign any
> message "directly" if said message is smaller than the public key size
> (N). DSA, however, requires the use of a hash.
Actually, depending on the data being signed, it can be important to
hash for RSA. After all, RSA is existentially forgeable: anyone can
forge a signature on a *random* value (if C=M^e mod n, then M is a
signature on C). They might be able to try some large number of sigs
until they got a random value which looked enough like legitimate data
to be accepted - especially possible if the 1kbit value being signed
holds dense, random-ish binary data.
---------------------------------------------------------------------
The Cryptography Mailing List
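Added example, not part of the original post: the existential forgery described above (C = M^e mod n makes M a signature on C) checked against a raw RSA verifier and against a hash-then-sign verifier with fixed padding. The key is a constructed toy key, encode() is a simplified stand-in for a real padding scheme, and all function names are hypothetical.

```python
import hashlib

# Constructed toy key: two Mersenne primes give a ~1128-bit modulus without
# a prime generator. Never use structured primes like these in a real key.
P, Q = 2**521 - 1, 2**607 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, used by the signer only


def raw_verify(value: int, sig: int) -> bool:
    """Textbook RSA: accept if sig^e mod n equals the signed value."""
    return pow(sig, E, N) == value


def forge_raw(sig: int) -> int:
    """Public-key-only forgery from the post: C = M^e mod n makes M a valid
    signature on C. The forger chooses M, not C."""
    return pow(sig, E, N)


def encode(message: bytes) -> int:
    """Hash-then-sign with fixed padding (simplified, not PKCS#1 or PSS):
    a constant prefix followed by SHA-256 of the message."""
    digest = hashlib.sha256(message).digest()
    return int.from_bytes(b"\x01" + b"\xff" * 100 + b"\x00" + digest, "big")


def sign(message: bytes) -> int:
    return pow(encode(message), D, N)


def verify(message: bytes, sig: int) -> bool:
    """Recompute the encoding from the message and compare in full."""
    return pow(sig, E, N) == encode(message)


def demo() -> dict:
    forged_sig = 0x1234567890ABCDEF          # arbitrary value picked by a forger
    forged_value = forge_raw(forged_sig)     # dense, random-looking ~1 kbit value
    as_bytes = forged_value.to_bytes((N.bit_length() + 7) // 8, "big")
    return {
        "raw_accepts_forgery": raw_verify(forged_value, forged_sig),
        "hashed_accepts_forgery": verify(as_bytes, forged_sig),
        "hashed_accepts_genuine": verify(b"serial=42", sign(b"serial=42")),
    }


if __name__ == "__main__":
    print(demo())
```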