>> In my application there's a tradeoff between >> sig length and security and in some instances a short sig >> length, at the risk of some insecurity, will be the right answer. > >Who is the signer and who is the verifier. Can the signer and verifier >engage in an on-line protocol? Are you signing traffic or stored data? > >OpenSSL signs (symmetric MAC) each "message" in an SSL session. >Kerberos signs each message with an ephemeral session key... > >> Are there other algorithms I >> should be looking at besides RSA to accomplish my goal. > >Algorithm selection is the easy part, the hard part is security analysis >and protocol selection. What problem are you trying to solve? > >-- > Viktor.
Sorry - more details: This isn't a comm aplication - it amounts to authentication of application data files. The signer is an utility which exists solely in a vendor's environment. The verifier is an application that exists in a consumer (potentially hostile) environment. Hence asymmetric key algorithms are a fit. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
