Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

Hope it will be clear. I need to digitally sign pieces of information. What I\'m

ID: 648774 • Letter: H

Question

Hope it will be clear.

I need to digitally sign pieces of information. What I'm currently doing is the following (for each piece of information):

Run SHA1 on the information

Encrypt the result with RSA

Store both of them together Now, I can say for sure if someone altered the information.

My problem is that I don't want to run the RSA encryption on each one of the pieces since it has some performance hit on my system.

I thought of doing the following:

Generate a seed for the SHA1

Encrypt the seed with RSA

Store the encrypted seed.

Now I can only run the SHA1 (+seed) on each piece of information.

I don't find any reason for why it should be less safe than what I'm doing today. Is it true? any thoughts about it?

Thanks

Explanation / Answer

Your scheme doesn't appear to provide any authentication whatsoever.

For a normal RSA digital signature the intended recipient can calculate the hash of the message, decrypt the signature using the public key to get the original hash, and compare them to authenticate the message. If an attacker is to tamper with the message, then in order to change the signature so that it matches the tampered message they would require access to the private key (which we assume they do not have).

In your scheme, an attacker can simply modify the message and update the "signature" by recalculating the hash of [tampered message + seed]. The attacker must have access to the (unencrypted) seed because it was encrypted with the private key, and so can be decrypted with the public key which we assume the attacker has. If the seed was instead encrypted with the public key, then the attacker would not be able to decrypt it to get the original seed in order to calculate a new hash, but nobody else would be able to either so it would be impossible for the intended recipient to verify the signature is correct.

Related Questions

Hookworm and the South of USA Questions /50 1. What was the problem and disease
Question #217553
Hooli is a large international corporation that makes the world a better place t
Question #3044398
Hoop Rolling up Hill Must answer both parts A thin hoop of radius r = 0.71 m and
Question #1472565
Hooper Chemical Company, a major chemical firm that uses such raw materials as c
Question #2645983
Hooper Chemical Company, a major chemical firm that uses such raw materials as c
Question #2772320
Hooper Chemical Company, a major chemical firm that uses such raw materials as c
Question #2826710
Hooper Chemical Company, a major chemical firm that uses such raw materials as c
Question #3440655
Hooper Printing Inc. has bonds outstanding with 13 years left to maturity. You a
Question #2467542

Navigate

Previous
Hope is a self-employed taxpayer who turns 54 years old at the end of the year (
Next
Hope received $32,000 in cash from pledges made in the previous year that were u

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.