[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cypherpunk Certification Authority

At 11:20 AM 11/25/95 -0800, you wrote:
>At 01:53 AM 11/26/95 -0800, [email protected] wrote:
>>You'd rather sign before encryption??
>>Doesn't that give you "known plain-text" to attack?
>The signature is not known unless the whole message being signed is

Signatures often have known, or easily guessed, plaintext in them,
like the signer's name or ID number, or various header fields
such as X.509's equivalent to ----- BEGIN PGP ....

>And any encryption scheme that is vulnerable to known plaintext attack
>where only a part of the message is known, is worthless anyway.

DES isn't worthless.  It's a bit weak, but not worthless.
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281