
Re: FW: Re: rsa/oaep

From: jiandong guo <jguo@phaos.com>
Date: Tue, 16 Apr 2002 22:41:23 -0700
Message-ID: <000a01c1e5d2$895311a0$c54692ac@vaio>
To: <tgindin@us.ibm.com>
Cc: <xml-encryption@w3.org>, <reagle@w3c.org>

I believe that what we agreed before is to fix SHA-1 for use with MGF.

The reason that the same hash function is suggested to be used in the
RSASSA-PSS signature scheme is to guard against the weak-hash-function
substitution attack, where the attacker could forge a new signature from
the given signature by using a weak hash function acceptable to the
verifier in MGF. This attack can also be addressed by fixing a strong
hash function (e.g. SHA-1) for use.

In any case, RSA-OAEP is an encryption scheme so this type of attack doesn't make sense here.

Jiandong Guo
Phaos Technology
Received on Tuesday, 16 April 2002 22:58:11 GMT
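
The fix discussed in the message above, fixing the hash used inside MGF rather than letting the sender's parameters choose it, as an added example that is not part of the original message or of the XML Encryption specification text. It assumes MGF1 as defined in PKCS #1; the names PINNED_MGF_DIGEST, check_mgf_params and apply_mask are hypothetical.

```python
import hashlib

# Policy from the message above: the MGF digest is fixed to SHA-1.
# (Hypothetical constant name, chosen for this example.)
PINNED_MGF_DIGEST = "sha1"


def mgf1(seed: bytes, mask_len: int, digest: str = PINNED_MGF_DIGEST) -> bytes:
    """MGF1 from PKCS #1: Hash(seed || counter) blocks, truncated to mask_len."""
    h_len = hashlib.new(digest).digest_size
    if mask_len > (1 << 32) * h_len:
        raise ValueError("mask too long")
    out = b""
    counter = 0
    while len(out) < mask_len:
        # The counter is encoded as a 4-byte big-endian integer (I2OSP).
        out += hashlib.new(digest, seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:mask_len]


def check_mgf_params(declared_mgf_digest: str) -> None:
    """Refuse parameters that name any MGF digest other than the pinned one.

    With the digest pinned, a message cannot steer the receiver's MGF
    towards a weaker hash that the receiver merely happens to implement.
    """
    normalized = declared_mgf_digest.lower().replace("-", "")
    if normalized != PINNED_MGF_DIGEST:
        raise ValueError(f"MGF digest {declared_mgf_digest!r} is not permitted")


def apply_mask(data: bytes, seed: bytes, declared_mgf_digest: str) -> bytes:
    """XOR data with the MGF1 mask, after enforcing the pinned digest."""
    check_mgf_params(declared_mgf_digest)
    mask = mgf1(seed, len(data))
    return bytes(d ^ m for d, m in zip(data, mask))


if __name__ == "__main__":
    seed = b"constructed-seed"          # constructed sample input
    masked = apply_mask(b"data block", seed, "SHA-1")
    print(masked.hex())
    print(apply_mask(masked, seed, "sha1"))  # masking twice restores the data
```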
