W3C home > Mailing lists > Public > xml-encryption@w3.org > February 2001

Re: Signing and Encryption

From: Joseph M. Reagle Jr. <reagle@w3.org>
Date: Thu, 01 Feb 2001 11:11:46 -0500
Message-Id: <4.3.2.7.2.20010201110759.02b24898@rpcp.mit.edu>
To: "Takeshi Imamura" <IMAMU@jp.ibm.com>
Cc: <xml-encryption@w3.org>, hal@finney.org, "Alan Kotok" <kotok@w3.org>
Actually, since Hal brough this up, I've been presuming it's the digest 
information that "leaks" information about the (now) encrypted content. 
However, if the hash chosen is a strong one-way hash, what information would 
this reveal? Or is the "leak" from other data found in the Signature?

At 23:02 2/1/2001 +0900, Takeshi Imamura wrote:
> >2. Does it leave signature data available to aid plain text
> >guessing attacks?
> >
> >You've encrypted the SignatureValue (enc3) to help prevent
> >an attack on (enc2), however, it's the DigestValue that
> >has the information that will be useful to you in attacking
> >(enc2), right?
>
>Yes.  This is just my mistake.



__
Joseph Reagle Jr.                 http://www.w3.org/People/Reagle/
W3C Policy Analyst                mailto:reagle@w3.org
IETF/W3C XML-Signature Co-Chair   http://www.w3.org/Signature
W3C XML Encryption Chair          http://www.w3.org/Encryption/2001/
Received on Thursday, 1 February 2001 11:12:00 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:31:59 UTC