On Sun, 2005-08-14 at 14:24 +0100, Ben Laurie wrote: > Jeroen Massar wrote: <SNIP> > > * sign(encrypt(message)) <SNIP> > More importantly, perhaps, Krawczyk has shown that, in general, sign > then encrypt is insecure. Which exact paper do you mean? Also note that when you say that that is insecure you are also saying that either/both the signing and/or the encryption are insecure in which case the solution to the problem should be sought in a different place... Greets, Jeroen
Attachment:
signature.asc
Description: This is a digitally signed message part