Hello
Does it exist a private / public key algorithm that can generate smaller messages than 512 bits.
I need this for a challenge / response algorithm. The challenge code will be the encrypted with a
private key (on a web server) and the encrypted challenge code will be the response code.
Challenge / response? As in authentication? If it is for authentication, then you don't need public key encryption; one-way hash functions would do (in fact, it is a standard technique).
Say your server wants to authenticate a user through a remote connection -- that is, you want to make sure that the client knows a (correct) secret password, but without transmitting the password in plaintext. The protocol goes like this:
Server sends random and unique key (all-time unique; i.e., the server should never *ever* repeat a key).
Client receives key, and computes HASH (password + key) and transmits it (hash could be MD5, SHA-1, etc.)
Server receives the hash and computes the expected hash (HASH (correct password + transmitted key) and verifies.
The protocol is secure because:
1) anyone observing the data can't do anything with it -- every time the server will send a different key, so having observed the hash from a past session will be useless.
2) No-one can determine the password from the observed hash and key -- the hash is a one-way function; of course, the security of your protocol is as strong as the hash function.
Hope this answers your question.
Carlos --
