A non-random serial number does not imply, by itself, a security issue with the signature scheme, but, as points out, it can be used to leverage an attack. On a general basis, signature algorithms begin by hashing the input message with a given hash function; if the message or hashing process is fully controlled by the attacker, then collision resistance of the hash function becomes an important issue. On the other hand, with some randomness inserted by the signer (e.g. a random serial number, added by the issuing CA of a certificate), the signature ought to be resistant to mere collision attacks, and, ultimately, work on preimage resistance (and MD5, with all its shortcomings, still appears to be optimally resistant to preimages).

Such randomness should be inserted in an "appropriate" way, which depends on the internal structure of the hash function. Halevi and Krawczyk have specified a generic way which should be good for all hash functions, and called it RMX. It has resulted in an Internet Draft and NIST Special Publication SP-800-106. RMX is meant to be applied on any binary message, but it requires generation of some random value, to be transmitted along with the message. Since the hashing process is modified, the signer and verifier must be aware of RMX, right at the beginning of message processing.
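An added example (not from the original page or from the RMX authors): a simplified, byte-aligned sketch of the RMX idea, with r prepended and XORed across the message, showing that a collision pair computed offline against the plain hash stops colliding once the signer picks r, and that the verifier needs the transmitted r to recompute the digest. The truncated `toy_hash`, the function names and the sample messages are assumptions made for the demo; the padding and length-indicator details of SP 800-106 are omitted, so this is not interoperable with it.

```python
import hashlib
import hmac
import itertools
import os

TOY_BYTES = 4  # demo only: SHA-256 truncated to 32 bits so a collision is cheap to find

def toy_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()[:TOY_BYTES]

def rmx(r: bytes, msg: bytes) -> bytes:
    """Simplified RMX: prepend r, then XOR r (repeated) into the whole message."""
    return r + bytes(b ^ k for b, k in zip(msg, itertools.cycle(r)))

def randomized_digest(r: bytes, msg: bytes) -> bytes:
    return toy_hash(rmx(r, msg))

def find_collision():
    """Offline birthday search over constructed messages against the plain hash."""
    seen = {}
    for i in itertools.count():
        msg = b"constructed message %d" % i
        digest = toy_hash(msg)
        if digest in seen:
            return seen[digest], msg
        seen[digest] = msg

def signer_side(msg: bytes):
    """Signer picks r after the message is fixed; r travels with the message."""
    r = os.urandom(16)
    return r, randomized_digest(r, msg)  # this digest is what the signature would cover

def verifier_side(msg: bytes, r: bytes, signed_digest: bytes) -> bool:
    """Verifier must apply the same transform with the transmitted r before hashing."""
    return hmac.compare_digest(randomized_digest(r, msg), signed_digest)

def surviving_collisions(m1: bytes, m2: bytes, trials: int = 16) -> int:
    """Count constructed r values under which the precomputed pair still collides."""
    rs = (hashlib.sha256(b"constructed r %d" % t).digest()[:16] for t in range(trials))
    return sum(randomized_digest(r, m1) == randomized_digest(r, m2) for r in rs)

if __name__ == "__main__":
    m1, m2 = find_collision()
    print("plain hash collides:", toy_hash(m1) == toy_hash(m2))
    print("collisions surviving RMX over 16 r values:", surviving_collisions(m1, m2))
    r, digest = signer_side(m1)
    print("verifier accepts m1:", verifier_side(m1, r, digest))
    print("verifier accepts m2:", verifier_side(m2, r, digest))
```
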