>From: "\"Hal Finney\"" <[EMAIL PROTECTED]> >Sent: Sep 8, 2004 2:48 PM >To: [EMAIL PROTECTED] >Subject: Seth Schoen's Hard to Verify Signatures
>The method Seth describes is to include a random value in the signature >but not to include it in the message. He shows a sample signature >with 3 decimal digits hidden. The only way to verify it is to try all >possibilities for the random values. By controlling how much data is >hidden in this way, the signer can control how long it will take to >verify the signature. I've seen this described in a paper by Abadi, Lomas & Needham as an alternative to a high iteration count for password hashing. >Hal Finney --John Kelsey
