RSA Signing Security?
- From: "JG" <johngarner@xxxxxxxxxxxxx>
- Date: 28 Aug 2006 15:20:53 -0700
Hello.
Can someone give me some clarification here please ...
I'm working on a document management system for a client and need to
sign a large number of documents for storage. According to the latest
pkcs#1 spec (1v2-1):
"Although no attacks are known against RSASSA-PKCS1-v1_5,in the
interest of increased robustness, RSASSA-PSS is recommended for
eventual adoption in new applications."
This indicates there are no attacks against RSA for digital signing. Is
this true?, and if not, what are the caveats to this statement?
If SHA1withRSA and a 2048 modulus are used, and all the RSA parameters
are generated 'correctly' (proper primes, d & e exponents etc), and the
application uses one of the signature schemes mentioned above, are
there any risks? (assume there are no issues with SHA1).
Finally, are there any real, or theoretical risks related to the number
of documents the application signs & stores i.e. if an adversary could
access the repository, is there any greater risk of the signing keys
being broken if I sign 100 million documents, rather than 10?
Thanks.
.
- Follow-Ups:
- Re: RSA Signing Security?
- From: Mark Wooding
- Re: RSA Signing Security?
- From: Peter Pearson
- Re: RSA Signing Security?
- Prev by Date: Re: SSL, Apache 2 and RSA key sizes
- Next by Date: Re: SSL, Apache 2 and RSA key sizes
- Previous by thread: Re: SSL, Apache 2 and RSA key sizes
- Next by thread: Re: RSA Signing Security?
- Index(es):
Relevant Pages
|
|
