On 27/01/13 04:53 AM, Peter Gutmann wrote:
ianG i...@iang.org writes:
Could OAEP be considered reasonable for signatures?
You need to define appropriate. For example if you mean interoperable
then OAEP isn't even appropriate for encryption, let alone signatures.
Oh, interoperable is not
James Muir wrote:
PSS is similar to OAEP, but is for signatures. If you have OAEP
implemented, then it wouldn't take you long to do PSS, which is
described in the PKCS-1v2.1 document.
This is the answer I suspected in reading the original post question.
Hacking OAEP into a signature scheme
On 13-01-26 08:53 PM, Peter Gutmann wrote:
ianG i...@iang.org writes:
Could OAEP be considered reasonable for signatures?
You need to define appropriate. For example if you mean interoperable
then OAEP isn't even appropriate for encryption, let alone signatures. If
you're worried about
Ryan Sleevi ryan+cryptogra...@sleevi.com writes:
Did you just suggest that the timing channels in PKCS#1 v1.5 are easier to
get right than the timing channels of OAEP?
Yup.
The same PKCS#1 v1.5 encryption that's confounding people a decade [1] after
the original attacks [2]?
You're confusing
offtopic to list purpose, but perhaps timely to this thread
http://www.webmonkey.com/2013/01/users-scramble-as-github-search-exposes-passwords-security-details/
--dan
___
cryptography mailing list
cryptography@randombit.net
I don't understand how you can accidentally check in ~/.ssh to your
repository, or at least not notice afterwards. Hopefully the OpenSSL
authors won't do that!
On Sun, Jan 27, 2013 at 9:29 PM, d...@geer.org wrote:
offtopic to list purpose, but perhaps timely to this thread
On 27 January 2013 21:34, Patrick Mylund Nielsen
cryptogra...@patrickmylund.com wrote:
I don't understand how you can accidentally check in ~/.ssh to your
repository, or at least not notice afterwards. Hopefully the OpenSSL authors
won't do that!
If you keep ~ in a git repo it is surprisingly