On 12/10/11 22:33 PM, Daniel Löf wrote:
> Hi!
> Why is there no RSASignatureWithSHA224Digest in the SignatureAlgorithm
> class, when there is a RSASignatureWithSHA256Digest?
> It seems that JSS supports SHA256, SHA384 and SHA512 but not SHA224.

My guess, there is no point.
SHA224 is an internally-truncated form of SHA256 [0]. As the RSA
algorithm operates over a larger number of bits than 256 [1] there is no
point in supporting truncation within RSA, because we'd just end up
padding the truncation.
And, when doing security work, we always get rid of stuff where we can...
iang
[0] http://en.wikipedia.org/wiki/SHA-2 so, it takes no less time...
[1] Typically. For some arcane crypto reason, an RSA signature operates
over a hash-space of half its key length. So a 1024 bit key operates
over a 512 bit space, in which we can put a hash. Hence, for a 512 bit
RSA key, we can happily survive with a SHA256 key. The only purpose
then for any truncated hash would be a key size of less than 512. This
is typically only interesting in mass-testing scenarios, so it's
somewhat reasonable to ignore that case in the code.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
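
The padding point made in the reply above, as an added example (not part of the original message, and not JSS code): it builds the encoded block that an RSA signature operates on for SHA-224 and for SHA-256, and shows that the four bytes saved by the shorter digest are filled with padding. It assumes the EMSA-PKCS1-v1_5 encoding from RFC 8017; the function names and the sample message are made up for the illustration.

```python
import hashlib

# DER DigestInfo prefixes from RFC 8017, section 9.2, note 1.
DIGESTINFO_PREFIX = {
    "sha224": bytes.fromhex("302d300d06096086480165030402040500041c"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}


def emsa_pkcs1_v15(message: bytes, hash_name: str, modulus_bits: int) -> bytes:
    """Return EM = 00 01 PS 00 DigestInfo, sized to the RSA modulus."""
    digest = hashlib.new(hash_name, message).digest()
    t = DIGESTINFO_PREFIX[hash_name] + digest
    em_len = (modulus_bits + 7) // 8
    # RFC 8017 requires at least 8 bytes of 0xFF padding (3 + 8 = 11).
    if em_len < len(t) + 11:
        raise ValueError("intended encoded message length too short")
    ps = b"\xff" * (em_len - len(t) - 3)
    return b"\x00\x01" + ps + b"\x00" + t


def padding_len(em: bytes) -> int:
    """Count the 0xFF padding bytes between the 00 01 header and the 00 separator."""
    return em.index(b"\x00", 2) - 2


def min_modulus_bytes(hash_name: str) -> int:
    """Smallest modulus length in bytes that can carry this hash's DigestInfo."""
    t_len = len(DIGESTINFO_PREFIX[hash_name]) + hashlib.new(hash_name).digest_size
    return t_len + 11


if __name__ == "__main__":
    msg = b"constructed sample message"  # constructed input, not from the thread
    for bits in (512, 1024, 2048):
        for name in ("sha224", "sha256"):
            em = emsa_pkcs1_v15(msg, name, bits)
            print(f"{bits:5d}-bit modulus, {name}: block {len(em)} bytes, "
                  f"padding {padding_len(em)} bytes")
    for name in ("sha224", "sha256"):
        print(f"{name}: needs a modulus of at least {min_modulus_bytes(name)} bytes")
```

The block signed is always as long as the modulus, so the shorter digest only matters for a modulus too small to hold the SHA-256 DigestInfo.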