I believe that what we agreed before is to fix SHA-1 for using with MGF. The reason that the same hash function is suggested to be used in RSASSA-PSS signature scheme is to against the weak-hash fuction substitute attack where the attacker could forge a new signature from the given signature by using a weak hash function acceptable by the verifier in MGF. This attack can also be addressed by fixing a strong hash function (e.g. SHA-1) for use. In any case, RSA-OAEP is an encryption scheme so this type of attack doesn't make sense here. Jiandong Guo Phaos TechnologyReceived on Tuesday, 16 April 2002 22:58:11 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 October 2009 08:42:20 GMT