Prev: On the general benefits of introducing dynamics into encryptionprocessing
Next: Call for participants
From: Skybuck Flying on 7 May 2010 00:33 Hello, I was thinking about using RSA for it's signature capabilities... it's important that messages are signed... the messages themselfes can be out in the open... so encryption/decryption is not really needed and could actually make it less secure for small messages and require extra work for padding. I skimmed over this document for digital signatures, which mentions "plain" rsa signatures are kinda weak ?!?: http://en.wikipedia.org/wiki/Digital_signature And also this document for RSA which mentions the padding: http://en.wikipedia.org/wiki/RSA What I really want is "digital signatures" for people to use, so that they can identify themselfes as being the same/true/real source of many messages. So I wonder what the best/strongest digital signature algorithm is ? Any idea's ?!? Bye, Skybuck.
From: Scott Contini on 7 May 2010 01:34 On May 7, 2:33 pm, "Skybuck Flying" <IntoTheFut...(a)hotmail.com> wrote: > Hello, > > I was thinking about using RSA for it's signature capabilities... it's > important that messages are signed... the messages themselfes can be out in > the open... so encryption/decryption is not really needed and could actually > make it less secure for small messages and require extra work for padding.. > > I skimmed over this document for digital signatures, which mentions "plain" > rsa signatures are kinda weak ?!?: > > http://en.wikipedia.org/wiki/Digital_signature > > And also this document for RSA which mentions the padding: > > http://en.wikipedia.org/wiki/RSA > > What I really want is "digital signatures" for people to use, so that they > can identify themselfes as being the same/true/real source of many messages. > > So I wonder what the best/strongest digital signature algorithm is ? > > Any idea's ?!? > > Bye, > Skybuck. RSA Signatures are weak if you don't use proper padding. But if you do padding as in the PKCS standard, then I think there are no known weaknesses to it. It doesn't really make sense to say what the "strongest" digital signature algorithm is. Many algorithms are strong if you use a sufficiently large key. One could talk about what the "best" one is according to speed, code size, signature time, verification time, etc... for some required strength level. Different algorithms do better for different categories. An algorithm like ECDSA does fairly well overall. Scott
From: Skybuck Flying on 7 May 2010 02:00 Hmmm, I am interested in these two algorithms, which I am going to read up on ;) http://en.wikipedia.org/wiki/Lamport_signature http://en.wikipedia.org/wiki/Merkle_signature_scheme I already wrote a merkle hash tree once and it was a fun algorithm. I am not yet sure how it's used for digital signatures so I am going to read up on that ! ;) RSA seems to weak and pretty damn complex. DSA seems to have the possibility of secret channel information which worries me. Both RSA and DSA are based on primes and factorization and such which might be broken by quantum computers which already exist and could become more powerfull soon. According to the weblinks above lamport, hashes and merkle tree's would be more secure against quantum computers.. if that's really true remains to be seen but it's kinda interesting. It also allows me to re-use tiger hash algorithm and maybe implement the merkle tree myself so I don't have to be worried about code issue's ?! ;) :) I am not yet sure if merkle tree's/hashes are efficient... but so far I think the top root needs to be sent over... I am not sure what else... that's what I need to read up upon... also a new algorithm: lamport which also seems kinda interesting ;) Bye, Skybuck.
From: Skybuck Flying on 7 May 2010 02:15 Ok, I read these two documents, and lamport seems to have 16 KB of data associated with it... a bit much for my taste.. And the merkle hash tree has a message limitation, which is a very bad situation. So I think I can safely dismiss these two algorithms as well.. Which might lead me back to RSA after all... maybe with some padding, and maybe with some hashing. Furthermore at least encryption/decryption could be used for communication as well to obstruct snooping isp's a little bit... So RSA is interesting after all... but just a little bit. Bye, Skybuck ;) :)
From: Skybuck Flying on 7 May 2010 02:19 "Scott Contini" <the_great_contini(a)yahoo.com> wrote in message news:a7098064-a341-47da-b432-aaa9819d4deb(a)r21g2000prr.googlegroups.com... On May 7, 2:33 pm, "Skybuck Flying" <IntoTheFut...(a)hotmail.com> wrote: > Hello, > > I was thinking about using RSA for it's signature capabilities... it's > important that messages are signed... the messages themselfes can be out > in > the open... so encryption/decryption is not really needed and could > actually > make it less secure for small messages and require extra work for padding. > > I skimmed over this document for digital signatures, which mentions > "plain" > rsa signatures are kinda weak ?!?: > > http://en.wikipedia.org/wiki/Digital_signature > > And also this document for RSA which mentions the padding: > > http://en.wikipedia.org/wiki/RSA > > What I really want is "digital signatures" for people to use, so that they > can identify themselfes as being the same/true/real source of many > messages. > > So I wonder what the best/strongest digital signature algorithm is ? > > Any idea's ?!? > > Bye, > Skybuck. " RSA Signatures are weak if you don't use proper padding. But if you do padding as in the PKCS standard, then I think there are no known weaknesses to it. " Some quotes from the above links which I wonder about: 'and "plain" RSA signatures are not secure' What is ment with "plain" in this regard ? Do they mean unpadded messages ? or non-hashed messages ? or something totally different ? Later it goes on: 'As noted earlier, this basic scheme is not very secure. To prevent attacks, one can first apply a cryptographic hash function to the message m and then apply the RSA algorithm described above to the result. This approach can be proven secure in the so-called random oracle model.' I have a question: If a hash function is used on M does M still need to be padded to a "safe message length " ? and what would be a safe message length ? (They lost me on the random oracle model.. :)) Bye, Skybuck.
|
Next
|
Last
Pages: 1 2 3 Prev: On the general benefits of introducing dynamics into encryptionprocessing Next: Call for participants |