[cryptography] Error in PKCS #1 v2.1?
paul at ciphergoth.org
Thu Feb 17 09:26:35 EST 2011
On 17/02/11 14:20, Alexander Klimov wrote:
> So, if
> RSASSA-PSS-SIGN (K, M)
> gets M which is too large, then one of the above operations will
> detect the problem.
The size of M doesn't enter into it; if M is small enough that the hash
function can handle it, its size doesn't change the size of anything
else used to generate or verify the signature. It's the size of the
intermediate quantity EM I'm looking at here; it seems clear to me that
it has to be small enough to guarantee that OS2IP (EM) < n, or RSASP1
will return "message representative out of range", which shouldn't
happen in normal circumstances.
\/ o\ Paul Crowley, paul at ciphergoth.org
More information about the cryptography