Eugen Leitl asked:
> 1) What's the name of the technique of salting/padding a small integer
> I'm signing with random data?

You shouldn't need to salt/pad with random data; fixed data should be OK.

> 2) If I'm signing above short (~1 kBit) sequences, can I sign them
> directly, or am I supposed to hash them first? (i.e. does a presence
> of an essentially fixed field weaken the signature)

Derek Atkins replied:
> It depends on the signature algorithm. With RSA you can sign any
> message "directly" if said message is smaller than the public key size
> (N). DSA, however, requires the use of a hash.

Actually, depending on the data being signed, it can be important to hash for RSA. After all, RSA is existentially forgeable: anyone can forge a signature on a *random* value (if C=M^e mod n, then M is a signature on C). They might be able to try some large number of sigs until they got a random value which looked enough like legitimate data to be accepted - especially possible if the 1kbit value being signed holds dense, random-ish binary data.
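The existential-forgery point above, as an added example that is not part of the original message: with only the public key, choosing M first and computing C = M^e mod n gives a pair that a "direct" RSA verifier accepts, while a hash-then-verify check rejects it. The toy key, the simplified hash-to-integer step and all function names are assumptions made for illustration.

```python
import hashlib

# Constructed toy key (assumption): two Mersenne primes, far too small for real use.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, known only to the signer


def digest_int(message: bytes) -> int:
    # Simplified hash-to-integer step; real schemes use PKCS#1 v1.5 or PSS encoding.
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def raw_sign(value: int) -> int:
    return pow(value, D, N)


def raw_verify(value: int, sig: int) -> bool:
    # "Direct" RSA: accepts any pair with sig^e mod n == value.
    return pow(sig, E, N) == value


def hashed_sign(message: bytes) -> int:
    return pow(digest_int(message), D, N)


def hashed_verify(message: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest_int(message)


def pair_from_public_key(sig: int):
    # Uses only (N, E): the signature is picked first, the "signed" value falls out.
    return pow(sig, E, N), sig


def to_bytes(value: int) -> bytes:
    return value.to_bytes((N.bit_length() + 7) // 8, "big")


if __name__ == "__main__":
    value, sig = pair_from_public_key(0x1234567890ABCDEF)  # constructed input
    print("raw verify accepts unsigned pair:", raw_verify(value, sig))
    print("hashed verify accepts it:        ", hashed_verify(to_bytes(value), sig))
    msg = b"counter=42"  # constructed message
    print("legitimate hashed signature ok:  ", hashed_verify(msg, hashed_sign(msg)))
```

The value in the accepted pair is whatever the exponentiation produces, not something the forger chose, which is why the risk depends on whether the verifier would take random-looking data as legitimate.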