Title: Signing short messages Post by: roy7 on June 12, 2013, 04:59:03 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue?
Thanks. Title: Re: Signing short messages Post by: kodo on June 12, 2013, 05:48:49 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Title: Re: Signing short messages Post by: roy7 on June 12, 2013, 07:21:35 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Bitcoin doesn't do any encryption of text, but it can sign text to prove you own the public key. Since it's the same underlying science as normal public key encryption I wanted to be sure signing short messages didn't open any sort of attack on the private key. Title: Re: Signing short messages Post by: domob on June 12, 2013, 07:24:38 PM Don't take my word for it (I'm neither expert with the code nor with crypto), but I presume for signing a message you first hash it and then sign the hash. Thus it is completely irrelevant how large the message is because you always end up doing your crypto on a fixed-size hash.
Title: Re: Signing short messages Post by: kjj on June 12, 2013, 08:00:55 PM Don't take my word for it (I'm neither expert with the code nor with crypto), but I presume for signing a message you first hash it and then sign the hash. Thus it is completely irrelevant how large the message is because you always end up doing your crypto on a fixed-size hash. Code: vector<unsigned char> vchSig; Yup. Title: Re: Signing short messages Post by: roy7 on June 12, 2013, 08:51:51 PM Ok cool, thank you!
Title: Re: Signing short messages Post by: jackjack on June 12, 2013, 09:04:30 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Bitcoin doesn't do any encryption of text, but it can sign text to prove you own the public key. Since it's the same underlying science as normal public key encryption I wanted to be sure signing short messages didn't open any sort of attack on the private key. Title: Re: Signing short messages Post by: threeip on June 12, 2013, 09:07:18 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Bitcoin doesn't do any encryption of text, but it can sign text to prove you own the public key. Since it's the same underlying science as normal public key encryption I wanted to be sure signing short messages didn't open any sort of attack on the private key. But you cant encrypt with public key and decrypt with private key, right..? Title: Re: Signing short messages Post by: jackjack on June 12, 2013, 09:09:08 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Bitcoin doesn't do any encryption of text, but it can sign text to prove you own the public key. Since it's the same underlying science as normal public key encryption I wanted to be sure signing short messages didn't open any sort of attack on the private key. But you cant encrypt with public key and decrypt with private key, right..? For now, the clients themselves don't do that but it is possible as I made an implementation Title: Re: Signing short messages Post by: Boussac on June 13, 2013, 01:29:18 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Bitcoin doesn't do any encryption of text, but it can sign text to prove you own the public key. Since it's the same underlying science as normal public key encryption I wanted to be sure signing short messages didn't open any sort of attack on the private key. But you cant encrypt with public key and decrypt with private key, right..? For now, the clients themselves don't do that but it is possible as I made an implementation Title: Re: Signing short messages Post by: jackjack on June 13, 2013, 05:52:40 PM I don't know much about encryption but I recall some older forms had security issues if you had messages that were too short. (Shorter than the key length? Not sure.) Is there any similar issues with signing messages with bitcoin? If I ask someone to sign a single word for instance, just 4-10 characters long, is that any sort of a security issue? Thanks. I still dont understand how to encrypt text.. Bitcoin doesn't do any encryption of text, but it can sign text to prove you own the public key. Since it's the same underlying science as normal public key encryption I wanted to be sure signing short messages didn't open any sort of attack on the private key. But you cant encrypt with public key and decrypt with private key, right..? For now, the clients themselves don't do that but it is possible as I made an implementation I'm using secret sharing |