IETF-SSH archive
Re: RSA PSS in SSH?
Hanno Böck <hanno%hboeck.de@localhost> writes:
> Are there any plans for a transition to RSASSA-PSS (as specified in pkcs #1
> 2.1)?
Not that I am aware of.
> (I saw that RFC 4253 already specifies the use of RSA-OAEP for encrypted key
> exchange)
My understanding is that the pkcs#1 v1.5 padding is a much more severe problem for
encryption than for signing, mostly related to chosen ciphertext attacks.
But I'm not a cryptologist. How important is it to obsolete v1.5 padding
for signatures? What attacks are there?
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.