At the very least hash-then-sign, but RSA-PSS looks like the latest-and-greatest insight from the crypto community, so I wouldn't ignore it :)
On 1/11/06, Tony Garnock-Jones tonyg@lshift.net wrote:
Cees De Groot wrote:
Err... recalling vaguely from memory - wasn't signing plaintext a big no-no? There were some attacks on RSA that based on feeding a signer plaintexts (or is my memory leaving me here?)...
Are you perhaps thinking of the need for something like RSA-PSS? _______________________________________________ Cryptography mailing list Cryptography@lists.squeakfoundation.org http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/cryptography