You could just use RSA encryption to encrypt the message in the following manner:
The user encrypts the message with his *private* key.
That's a signature. ...
At a bare minimum this would have to be done on a level of granularity of a sent[e]nce to have any meaning at all and even then [its] rel[e]vance would be questioned.
Quoting in the real world is like that (although that would allow you to transpose/repeat sentences [?]). The problem is more one of having too much to sign (processor time/bandwidth), but I think you're always going to have that with a small granularity. Also, when not using a hash, you have to worry about chosen-gidget attacks (see the excerpt from the PGP Attack FAQ after my .sig...).
- --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html - ---------------------------------------------------------------
--------------------------------------------------------------------------- Randall Farmer rfarmer@hiwaay.net http://hiwaay.net/~rfarmer ---------------------------------------------------------------------------
From the PGP Attack FAQ:
Choosen cipher-text attack
An attacker listens in on the insecure channel in which RSA messages
are passed. The attacker collects an encrypted message c, from the
target (destined for some other party). The attacker wants to be able
to read this message without having to mount a serious factoring
effort. In other words, she wants m=c^d.
To recover m, the attacker first chooses a random number, r