Re: FW: Re: rsa/oaep from jiandong guo on 2002-04-17 (xml-encryption@w3.org from April 2002)

From: jiandong guo <jguo@phaos.com>
Date: Tue, 16 Apr 2002 22:41:23 -0700
To: <tgindin@us.ibm.com>
Cc: <xml-encryption@w3.org>, <reagle@w3c.org>
Message-ID: <000a01c1e5d2$895311a0$c54692ac@vaio>

I believe that what we agreed before is to fix SHA-1 for using with MGF.

The reason that the same hash function is suggested to be used in RSASSA-PSS 
signature scheme is to against the weak-hash fuction substitute attack where the attacker
could forge a new signature from the given signature by using a weak hash function acceptable by the verifier in MGF. This attack can also be addressed by fixing a 
strong hash function (e.g. SHA-1) for use. 

In any case, RSA-OAEP is an encryption scheme so this type of attack doesn't make sense here.

Jiandong Guo
Phaos Technology

Received on Tuesday, 16 April 2002 22:58:11 UTC