[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Security problems in Photuris #2
> Plain RSA alone is not secure for digital
> signatures over any hidden text.
> > Photuris is intended to be algorithm independent.
>
> No, it is not. Only a few, well chosen, algorithms are specified.
> Bad assumptions lead to a bogus argument.
I propose a simple compromise: document the assumptions.
Since Bill keeps asking for text contributions, here's one:
``Photuris signature transforms must hide their input.
A signature transform which leaks information about
its input is unsuitable for use in Photuris.''
Follow-Ups:
References: