[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security problems in Photuris #2

To: bsimpson@morningstar.com (William Allen Simpson)
Subject: Re: Security problems in Photuris #2
From: David A Wagner <daw@CS.Berkeley.EDU>
Date: Thu, 12 Oct 1995 10:37:21 -0700 (PDT)
Cc: ipsec@ans.net
In-Reply-To: <199510120139.AA03817@interlock.ans.net> from "William Allen Simpson" at Oct 12, 95 00:51:30 am

>                                Plain RSA alone is not secure for digital
> signatures over any hidden text.

> > Photuris is intended to be algorithm independent.
> 
> No, it is not.  Only a few, well chosen, algorithms are specified.

> Bad assumptions lead to a bogus argument.


I propose a simple compromise: document the assumptions.

Since Bill keeps asking for text contributions, here's one:

	``Photuris signature transforms must hide their input.
	  A signature transform which leaks information about
	  its input is unsuitable for use in Photuris.''

Follow-Ups:

Re: Security problems in Photuris #2

From: Bill Sommerfeld <sommerfeld@apollo.hp.com>

References:

Re: Security problems in Photuris #2

From: "William Allen Simpson" <bsimpson@morningstar.com>

Prev by Date: Re: Security problems in Photuris #2
Next by Date: Re: Security problems in Photuris #2
Prev by thread: Re: Security problems in Photuris #2
Next by thread: Re: Security problems in Photuris #2
Index(es):
- Main
- Thread