Eugene, > From: Eugene Levy [mailto:[EMAIL PROTECTED]] > Subject: RSA Digital Signatures: RSA_sign verus RSA+SHA1 > I heard that RSA is susceptible to plain text attacks, in that if > some of a RSA encrypted data is known, it is easier to get the rest of the > data, and that is why RSA is typically used for HASHes & random session > keys, which are hard to guess. > But if this is true, does it also apply to > RSA private key encryption? Why would you care? Private-key-encrypted data can be decrypted by anyone using the public key. In fact it has to be decrypted to verify the signature. And as you said, the attack is to get the whole plaintext if you know some part of it. Nobody recovers your private-key. In my opinion this kind of attack is no threat at all for digital signatures using RSA. Robert ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
