| RSS |
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
On Monday 06 March 2006 14:25, chendongdong wrote: > ... > Which kind of salt should I provide? from RSA's submission to the NESSIE project (annex-B, page 8): "RSA-PSS is different than other RSA-based signature schemes in that it is probabilistic rather than deterministic, incorporating a randomly generated salt value. The salt value enhances the security of the scheme by affording a “tighter” security proof than deterministic alternatives such as Full Domain Hashing (FDH) (see [14] for discussion). However, the randomness is not critical to security. In situations where random generation is not possible, a fixed value or a sequence number could be employed instead, with the resulting provable security similar to that of FDH [15]. The randomness also reduces the requirements on the underlying hash function. Since an opponent does not know which salt value the signer will select, finding a collision in the hash function (two messages with the same hash value) does not enable an opponent to forge signatures. Accordingly, the collision-resistance of the hash function is not as important as in a deterministic signature scheme." i hope this answers your question. cheers; rsn
Attachment:
pgpb0KFWsXKt5.pgp
Description: PGP signature
_______________________________________________ gnu-crypto-discuss mailing list gnu-crypto-discuss@xxxxxxx http://lists.gnu.org/mailman/listinfo/gnu-crypto-discuss
[Home] [Gnu Classpath] [Linux Kernel] [Linux Cryptography] [Fedora] [Fedora Directory] [Red Hat Development] [Red Hat 9 Bible] [Fedora Bible] [Red Hat 9] [Network Security Reading]
|
|