[15816] in cryptography@c2.net mail archive
Re: dual-use digital signature vulnerability
daemon@ATHENA.MIT.EDU (Amir Herzberg)
Thu Jul 22 13:54:53 2004
X-Original-To: cryptography@metzdowd.com
Date: Thu, 22 Jul 2004 13:37:35 +0200
From: Amir Herzberg <herzbea@macs.biu.ac.il>
To: Barney Wolff <barney@databus.com>
Cc: Anton Stiglic <astiglic@okiok.com>,
"'Anne & Lynn Wheeler'" <lynn@garlic.com>,
"'Amir Herzberg'" <herzbea@macs.biu.ac.il>, cryptography@metzdowd.com
In-Reply-To: <20040721161418.GA58820@pit.databus.com>
Barney Wolff wrote:
> Pardon a naive question, but shouldn't the signing algorithm allow the
> signer to add two nonces before and after the thing to be signed, and
> make the nonces part of the signature? That would eliminate the risk
> of ever signing something exactly chosen by an attacker, or at least
> so it would seem.
Most (secure) signature schemes actually include the randomization as
part of their process, so adding nonces to the text before signing is
not necessary. OTOH, I don't see any problem in defining between the
parties (in the `meta-contract` defining their use of public key
signatures) that the signed documents are structured with a random field
before and after the `actual contract`, as long as the fields are well
defined.
--
Best regards,
Amir Herzberg
Associate Professor, Computer Science Dept., Bar Ilan University
http://amirherzberg.com (information and lectures in cryptography &
security)
Mirror site: http://www.mfn.org/~herzbea/
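The reply's caveat is that the random fields before and after the actual contract only help if the document structure is well defined, so that the verifier can recover exactly which bytes were the contract and which were the signer's random padding. The following is an added example, not code from the original thread or from either correspondent; the field layout (a 4-byte big-endian length prefix on each of the three fields and fixed 32-byte random fields) is an assumption chosen here to stand in for the parties' "meta-contract". It shows why plain concatenation is ambiguous, how a length-prefixed encoding makes the framing unambiguous, and how the signer wraps a counterparty-supplied contract in fresh random fields before handing the result to whatever signature scheme the parties use (the signature primitive itself is outside this snippet).

```python
import secrets
import struct
from typing import Tuple

# Constructed example of a "random field before and after the actual contract"
# document structure. The layout below (4-byte big-endian length prefix per
# field, 32-byte random fields) is an assumed meta-contract, not from the thread.
NONCE_LEN = 32


def naive_frame(before: bytes, contract: bytes, after: bytes) -> bytes:
    """Plain concatenation: the field boundaries are NOT recoverable."""
    return before + contract + after


def naive_is_ambiguous() -> bool:
    """Two different field triples collapse to the same byte string, so a
    verifier cannot tell where the random padding ends and the contract starts."""
    return naive_frame(b"ab", b"c", b"d") == naive_frame(b"a", b"bc", b"d")


def frame(before: bytes, contract: bytes, after: bytes) -> bytes:
    """Canonical encoding: each field is length-prefixed, so the mapping from
    (before, contract, after) to bytes is injective and unambiguously parseable."""
    if len(before) != NONCE_LEN or len(after) != NONCE_LEN:
        raise ValueError("random fields must be exactly NONCE_LEN bytes")
    out = b""
    for field in (before, contract, after):
        out += struct.pack(">I", len(field)) + field
    return out


def unframe(blob: bytes) -> Tuple[bytes, bytes, bytes]:
    """Inverse of frame(); this is the verifier's side of the meta-contract.
    Rejects anything that is not exactly three fields with the agreed sizes."""
    fields = []
    pos = 0
    for _ in range(3):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + n > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + n])
        pos += n
    if pos != len(blob):
        raise ValueError("trailing bytes after the last field")
    before, contract, after = fields
    if len(before) != NONCE_LEN or len(after) != NONCE_LEN:
        raise ValueError("random fields have the wrong size")
    return before, contract, after


def is_well_formed(blob: bytes) -> bool:
    """True if the verifier would accept blob as a correctly framed document."""
    try:
        unframe(blob)
        return True
    except ValueError:
        return False


def prepare_for_signing(contract: bytes) -> bytes:
    """Signer side: wrap a (possibly counterparty-supplied) contract in fresh
    random fields. The returned bytes are what the signature algorithm signs,
    so the signed string is never exactly the one the counterparty supplied."""
    return frame(secrets.token_bytes(NONCE_LEN), contract,
                 secrets.token_bytes(NONCE_LEN))


if __name__ == "__main__":
    contract = b"A pays B 100 units on 2004-08-01"   # constructed sample contract
    to_sign = prepare_for_signing(contract)
    print("naive concatenation ambiguous:", naive_is_ambiguous())
    print("recovered contract:", unframe(to_sign)[1])
    print("tampered blob accepted:", is_well_formed(to_sign + b"\x00"))
```

On the verifier side, the signature is checked over the framed bytes exactly as received, and only then is `unframe` used to extract the contract; a document that does not parse under the agreed layout is rejected before its contents are acted on.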