On Tue, Feb 07, 2006 at 10:39:01AM -0800, Bob Mearns wrote:

> I appreciate that the security of such a short signature is paltry.
> In my application, the signature length (keeping it short) is as
> important as the security (odd as that may seem). I've not found
> a way to generate signatures as short as I'd like using OpenSSL -
> is there just no way to do it using PK?
>

ECC is believed secure at well under 200 bits, so you could sign a SHA1 checksum with a suitable ECC algorithm in ~192 bits with a "reasonable" security guarantee. Note, however, that best practice in this space (sparse as it may be) recommends somewhat larger hashes and key sizes:

http://www.nsa.gov/ia/industry/crypto_suite_b.cfm

Specifically, SHA-256 with 256 bit ECC or SHA-384 with 384 bit ECC:

http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf

These correspond (usual birthday paradox) to 128 bit and 192 bit encryption strength respectively.

Some uses of ECC are protected by patents...

--
Viktor.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]