On 10/13/2011 7:17 PM, Dirk Menstermann wrote:
> Hello Jakob,
>
> On 12.10.2011 22:21, Jakob Bohm wrote:
>
>>> I know that to sign, I have to take a hash of some document or message but,
>>> theoretically, I could encrypt any document? The padding scheme would shrink
>>> the message and then could reveal the same message after deciphering?
>>
>> The padding scheme would grow the message to fill out the key size.
>>
>> Putting the message directly into the padding scheme is only safe for some
>> RSA padding schemes, as some padding schemes are safe only if the message
>> is a completely random bit string not known to the enemy (secret encryption keys
>> are usually such strings, actual messages are usually not).
>
> Can you elaborate on which paddings should only be used with pure random data
> and which can be used for arbitrary data?


Unfortunately not, I am a security engineer, not a fully trained cryptographer/cryptanalyst.

As an engineer I am aware that attacking an algorithm such as RSA is easier the more the attacker knows or can control about the input, and that providing a too structured input is thus a bad idea. I am also aware that the main change in PKCS#1 v2.0 compared to the old PKCS#1 v1.0 was to replace fixed padding with padding that made most of the input bits more similar to random bits.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
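
The two points raised in the thread, that padding grows a short message to the key size and that the newer scheme makes the padded block look random, can be seen in the encoding step alone. The sketch below is an added example, not code from the posters or from OpenSSL: it builds the PKCS#1 v1.5 encryption block and the OAEP block (introduced in PKCS#1 v2.0) as laid out in RFC 8017, without any RSA operation. SHA-256, the 256-byte key size, the sample message and all function names are assumptions of the example.

```python
# Added illustration: padding/encoding step only, no RSA exponentiation. Not constant-time.
import hashlib, os

HLEN = hashlib.sha256().digest_size  # SHA-256 is an assumption of this example

def mgf1(seed, length):
    """MGF1 mask generation function (RFC 8017, B.2.1)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def eme_pkcs1_v15(msg, k):
    """EM = 00 || 02 || PS (random nonzero bytes) || 00 || M, always k bytes."""
    if len(msg) > k - 11:
        raise ValueError("message too long")
    n, ps = k - len(msg) - 3, b""
    while len(ps) < n:  # rejection sampling: drop zero bytes, keep the rest
        ps += os.urandom(n).replace(b"\x00", b"")
    return b"\x00\x02" + ps[:n] + b"\x00" + msg

def eme_oaep(msg, k, label=b""):
    """EM = 00 || maskedSeed || maskedDB, with DB = lHash || 00.. || 01 || M."""
    if len(msg) > k - 2 * HLEN - 2:
        raise ValueError("message too long")
    pad = b"\x00" * (k - len(msg) - 2 * HLEN - 2)
    db = hashlib.sha256(label).digest() + pad + b"\x01" + msg
    seed = os.urandom(HLEN)
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    return b"\x00" + xor(seed, mgf1(masked_db, HLEN)) + masked_db

def oaep_decode(em, k, label=b""):
    """Invert eme_oaep; raises ValueError on any malformed block."""
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))
    rest = db[HLEN:]
    sep = rest.find(b"\x01")
    ok = len(em) == k and em[0] == 0 and db[:HLEN] == hashlib.sha256(label).digest()
    if not ok or sep < 0 or any(rest[:sep]):
        raise ValueError("decoding error")
    return rest[sep + 1:]

if __name__ == "__main__":
    K, MSG = 256, b"hello openssl-users"  # constructed sample; 256 bytes = 2048-bit modulus
    for name, em in (("v1.5", eme_pkcs1_v15(MSG, K)), ("OAEP", eme_oaep(MSG, K))):
        print(name, len(em), "bytes, message visible in block:", MSG in em)
```

Both blocks come out at exactly the key size; the v1.5 block carries the message verbatim at its tail, while in the OAEP block every byte after the leading zero is masked and changes on each call.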