On Mon, Dec 01, 2014 at 09:14:03AM -0500, Nick Mathewson wrote: > Then how about specifying something like this for the RSA-signed part > (in place of the SHA1): > [fixed string] 8 bytes > [SHA512 signature] 32 bytes > > Where the fixed sting could be something like "HSNONTOR", and we can > reserve other strings for later if we actually do want to support RSA > signatures over SHA512.
What kind of signature padding is done by the signature using the HS key today? I would be less wary if the *plaintext* (pre-hash) started with the above fixed string, and then some sensible padding mode (e.g., OAEP(+?)) was put on top of it. - Ian _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
