
Re: rsa public keys



On Mon, 4 Aug 1997, Carl Ellison wrote:

> If all you care about, in your definition of "principal", is
> "the person who knows the secret", then just the modulus is enough to
> identify that person. 

I don't think that a modulus alone can securely speak for its owner.
Eve could associate e=1, e=0, e=2, e=-1 or some other cooked exponent with
a modulus. 

> If you want to identify a key as rsa-pkcs1 rather than rsa-pkcs1-md5,
> why not just "rsa" and let the pkcs1 (input formatting) be left independent
> of the key?

I can't see any reason for doing that. PKCS#1 doesn't allow Chaum's blind
signatures, but a principal key (which is a "regular" signature key)
should not be used for blind signatures anyway. 

The level of security would decrease as we could not be sure what
input formatting was used. It really doesn't matter if we can't be sure
what hash function was used, because the chance of sha1 <-> md5
collisions (i.e. having x and y so that md5(x) = sha1(y)) is minimal.

- Markku-Juhani Saarinen <mjos@ssh.fi>
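
The point about cooked exponents, as an added example that is not part of the original message: a constructed toy key (n = 3233, e = 17) shows that when a key is named by its modulus alone, pairing that modulus with e = 1 makes an unsigned value pass a textbook verification. The helpers `check_exponent` and `key_id` are hypothetical names for a check that rejects such exponents and an identifier that covers both n and e.

```python
import hashlib

# Constructed toy key for illustration only (far too small for real use).
N, E, D = 3233, 17, 2753          # N = 61 * 53, E * D = 1 mod 3120

def raw_verify(n, e, m, sig):
    """Textbook RSA check: sig^e mod n must equal the message representative m."""
    return pow(sig, e, n) == m % n

def check_exponent(n, e):
    """Return the reason e is unacceptable for modulus n, or None if it passes."""
    if e < 3:
        return "below 3"            # covers e = 1, 0, -1 and 2
    if e % 2 == 0:
        return "even"               # cannot be coprime to phi(n), which is even
    if e >= n:
        return "not below modulus"
    return None

def key_id(n, e):
    """Hypothetical key identifier: SHA-256 over length-prefixed n and e."""
    if check_exponent(n, e) is not None:
        raise ValueError("refusing to name a key with a bad exponent")
    out = b""
    for v in (n, e):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += len(raw).to_bytes(4, "big") + raw
    return hashlib.sha256(out).hexdigest()

def demo():
    m = 1234                        # constructed message representative
    sig = pow(m, D, N)              # made by the holder of the secret
    return {
        "real key, real signature": raw_verify(N, E, m, sig),
        "real key, unsigned value": raw_verify(N, E, m, m),
        "same modulus, e=1, unsigned value": raw_verify(N, 1, m, m),
        "rejected exponents": {e: check_exponent(N, e) for e in (1, 0, 2, -1)},
    }

if __name__ == "__main__":
    for label, value in demo().items():
        print(label, "->", value)
```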

