by mmastrac 721 days ago
RSA can technically sign any arbitrary data like this -- it's fine, but you run the risk that any arbitrary set of bytes might accidentally look valid. Unpadded encryption/signing is the worst. PKCS padding is better because you at least need to decrypt to `0x00 || 0x01 || PS || 0x00 || <message>`, but the more flexible the data you're signing, even if padded, the less secure it is.

It's far more secure to sign a hash and prepend that to the data itself because that means you need to have a very specific number of padding bytes that match, and you need a way to generate data with arbitrary hashes. This is pretty difficult.

If you're just signing arbitrary data, there is a real risk that someone can construct something that yields valid data.

Where you get killed is that technically, every 256 bytes decrypts to a message -- it's the proportion of valid to invalid messages (and how usable an arbitrary valid message is) that really defines the security of the system.

In this case, you just need something that decrypts to a string having N pipes and a string of M digits. Based on some very basic napkin math, that should happen in under or around a billion trials. Inserting your name and an arbitrary degree -- that's going to be a lot more expensive!
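
The hash-then-pad scheme described above (sign the block `0x00 || 0x01 || PS || 0x00 || DigestInfo(hash)` rather than the raw message), as an added example that is not part of this thread or the original post: it uses a toy RSA key built from two Mersenne primes so it runs offline without a library, and the verifier rebuilds the whole expected block and compares every byte instead of parsing the recovered data.

```python
import hashlib
import hmac

# Toy RSA key from two Mersenne primes so the example runs with no library.
# Constructed for illustration only; never use such a key for anything real.
P = (1 << 521) - 1
Q = (1 << 127) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8  # modulus length in bytes (81 here)

# DER DigestInfo prefix for SHA-256 (RFC 8017, Section 9.2, Note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def emsa_pkcs1_v15(message: bytes) -> bytes:
    """EM = 0x00 || 0x01 || PS || 0x00 || T, exactly K bytes, where T is the
    DigestInfo of SHA-256(message) and PS is at least eight 0xff bytes."""
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    ps_len = K - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this digest")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def sign(message: bytes) -> bytes:
    # Sign the padded hash, not the raw message: the only acceptable block
    # is now one exact K-byte pattern bound to this message.
    m = int.from_bytes(emsa_pkcs1_v15(message), "big")
    return pow(m, D, N).to_bytes(K, "big")


def verify(message: bytes, signature: bytes) -> bool:
    """Recover the block with the public key and compare it byte for byte
    with the block expected for this message. Rebuilding and comparing the
    whole EM, instead of parsing it, makes every padding byte count."""
    if len(signature) != K:
        return False
    s = int.from_bytes(signature, "big")
    if s >= N:
        return False
    recovered = pow(s, E, N).to_bytes(K, "big")
    return hmac.compare_digest(recovered, emsa_pkcs1_v15(message))


if __name__ == "__main__":
    msg = b"|||Alice|BSc Computer Science|2019|||"  # constructed sample
    sig = sign(msg)
    print(verify(msg, sig), verify(msg.replace(b"BSc", b"PhD"), sig))  # True False
```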

1 comment

Thanks for the feedback, appreciate it :)

Also thank you for the insight on RSA functionality, that makes a lot of sense! I didn't realise why hashing is used.

The issue with generating a valid string is, as detailed at the very end of the post, that you need at least a pipes before and b pipes after the digits, which need to be between two pipes. That narrows the possibilities down quite a bit.