What do you think about this signature scheme using RSA with 4096 bit keys?
Being R pseudorandom padding, fixed length (4096 - 512 bits):
RSApriv(R || SHA512(M))
I know that it's not as secure as RSASSA-PSS, but it looks better than RSASSA-PKCS1 to me (because of the random padding).
Am I missing anything important?
Thanks in advance.
Aucun commentaire:
Enregistrer un commentaire