On Tue, Feb 07, 2006 at 10:39:01AM -0800, Bob Mearns wrote:

> I appreciate that the security of such a short signature is paltry.
> In my application, the signature length (keeping it short) is as
> important as the security (odd as that may seem).  I've not found
> a way to generate signatures as short as I'd like using OpenSSL -
> is there just no way to do it using PK?
> 

ECC is believed secure at well under 200 bits, so you could sign a SHA1
checksum with a suitable ECC algorithm in ~192 bits with a "reasonable"
security guarantee.

Note, however, that best practice in this space (sparse as it may be)
recommends somewhat larger hashes and key sizes:

    http://www.nsa.gov/ia/industry/crypto_suite_b.cfm

Specifically, SHA-256 with 256 bit ECC or SHA-384 with 384 bit ECC:

    http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

These correspond (usual birthday paradox) to 128-bit and 192-bit
encryption strength respectively.

Some uses of ECC are protected by patents...

-- 
        Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
