Quoting Ben Laurie <[EMAIL PROTECTED]>:
Yes, but you could know all this from cipher2 and RSA of SHA1(message), so I still don't see what value is added by cipher1.
Without cipher1, implying (iv1, RSA(SHA1(message) || key1)) it is impossible to determine the originator of the message.
Eh? If you have RSA(SHA1(message)) then decrypting that and checking the hash matches confirms the originator.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]