[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RSA Signature Padding

To: pgut001@xxxxxxxxxxxxxxxxx, SChokhani@xxxxxxxxxxxx, simon@xxxxxxxxxxxxx, stefan@xxxxxxxxxxx
Subject: Re: RSA Signature Padding
From: Peter Gutmann <pgut001@xxxxxxxxxxxxxxxxx>
Date: Sun, 14 Jun 2009 01:16:45 +1200
Cc: ietf-pkix@xxxxxxx, tgindin@xxxxxxxxxx
In-reply-to: <C6596B5E.29CB%stefan@xxxxxxxxxxx>
List-archive: <http://www.imc.org/ietf-pkix/mail-archive/>
List-id: <ietf-pkix.imc.org>
List-unsubscribe: <mailto:ietf-pkix-request@imc.org?body=unsubscribe>
Sender: owner-ietf-pkix@xxxxxxxxxxxx

Stefan Santesson <stefan@xxxxxxxxxxx> writes:

>The way I read this is that 1.5 is handcrafted to mitigate known attacks
>while PSS use a more generic and provable secure approach. But neither of
>them are broken.
>
>Would that be a correct assessment?

Yes.  So 1.5 makes some cryptographers uneasy because it's not as rigorous as
PSS, but (barring buggy implementations, which affects PSS as much as 1.5)
there's currently no known attack against it that makes 1.5 worse than PSS.
9796-2, on the other hand, is a long series of patches to fix up weaknesses,
and there's no sign it's getting much better over time.

Peter.

References:
- Re: RSA Signature Padding
  - From: Stefan Santesson

Prev by Date: Re: RSA Signature Padding
Previous by thread: Re: RSA Signature Padding
Next by thread: Re: RSA Signature Padding
Index(es):
- Date
- Thread