Difficult: I was a little confused by the hash signature. Is the hash function itself the signature (since they are difficult to duplicate), do you take the hash of the message and then sign it, or do you sign the message and then take the hash of the signature? Other than that these sections were pretty accessible. We have discussed all of the encryption algorithms used, and there is only a slight change in usage for signatures. It is all well explained.
Reflective: I appreciated the discussion of how to defend against the birthday attack on hash functions. It seems like such a simple precaution, just change one piece and you probably win. We still haven't really discussed how exactly these functions are used for securing documents (signatures obviously, but I know that I have no personal encryption function to sign things with) so it makes me wonder how these are used when I make a purchase online. Also, I am never given the option of changing a document online, so how can I know that the document hasn't a birthday "double"?
No comments:
Post a Comment