[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cypherpunk Certification Authority



At 11:20 AM 11/25/95 -0800, you wrote:
>At 01:53 AM 11/26/95 -0800, [email protected] wrote:
>>You'd rather sign before encryption??
>>Doesn't that give you "known plain-text" to attack?
>
>The signature is not known unless the whole message being signed is
>known.

Signatures often have known, or easily guessed, plaintext in them,
like the signer's name or ID number, or various header fields
such as X.509's equivalent to ----- BEGIN PGP ....

>And any encryption scheme that is vulnerable to known plaintext attack
>where only a part of the message is known, is worthless anyway.

DES isn't worthless.  It's a bit weak, but not worthless.
#--
#				Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281