Peter Gutmann wrote:
> Right, but it's been pure luck that that particular
> implementation (and most likely a number of others)
> happen to have implemented only a small number of hash
> algorithms that allow only absent or NULL parameters.
> Anything out there that implements a wider range of
> algorithms, including any that allow parameters, is
> most likely toast.

Parameters should not be expressed in the relevant part
of the signature.  The only data that should be
encrypted with the RSA private key and decrypted with
the public key is the hash result itself, and the
padding.  If the standard specifies that additional
material should be encrypted, the standard is in error
and no one should follow it.

         James A. Donald
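
A verifier that accepts only padding, a fixed DigestInfo prefix (parameters NULL or absent) and the hash, by rebuilding the expected block and comparing it whole instead of parsing the decrypted data. This is an added example, not code from either poster or from any implementation discussed in the thread; SHA-256, the function names and the demo key are assumptions made for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefixes for SHA-256: parameters NULL, and parameters absent.
PREFIX_NULL = bytes.fromhex("3031300d060960864801650304020105000420")
PREFIX_ABSENT = bytes.fromhex("302f300b06096086480165030402010420")

# Constructed demo key, NOT secure: product of two Mersenne primes.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes


def encode(prefix: bytes, digest: bytes, k: int) -> bytes:
    """Build 00 01 FF..FF 00 || prefix || digest, filling the whole block."""
    t = prefix + digest
    if k < len(t) + 11:
        raise ValueError("modulus too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t


def sign_block(em: bytes) -> bytes:
    """Demo helper: apply the private key to an already-encoded block."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")


def verify(message: bytes, sig: bytes, accept_absent: bool = True) -> bool:
    """Recover the block and compare it to the only encodings we accept."""
    if len(sig) != K or int.from_bytes(sig, "big") >= N:
        return False
    em = pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big")
    digest = hashlib.sha256(message).digest()
    prefixes = [PREFIX_NULL] + ([PREFIX_ABSENT] if accept_absent else [])
    # No ASN.1 parsing: anything but padding + fixed prefix + hash fails.
    results = [hmac.compare_digest(em, encode(p, digest, K)) for p in prefixes]
    return any(results)
```

Because the comparison covers every byte of the block, a DigestInfo carrying any other parameters, or any bytes after the hash, is rejected without the verifier ever interpreting them.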

