Matthew Toseland wrote: > it might be possible > to do a CPU DoS in very little bandwidth (not a serious attack if it > takes much longer to generate a signature than to verify one... does > it?).
It does with RSA, not sure about other algorithms... use 'openssl speed' to find out... but what attack do you have in mind? Can the attacker just send junk instead of real signatures? Cheers, Michael
