At 11:20 AM 11/25/95 -0800, you wrote:
At 01:53 AM 11/26/95 -0800, anonymous-remailer@shell.portal.com wrote:
You'd rather sign before encryption?? Doesn't that give you "known plain-text" to attack?
The signature is not known unless the whole message being signed is known.
Signatures often have known, or easily guessed, plaintext in them, like the signer's name or ID number, or various header fields such as X.509's equivalent to ----- BEGIN PGP ....
And any encryption scheme that is vulnerable to known plaintext attack where only a part of the message is known, is worthless anyway.
DES isn't worthless. It's a bit weak, but not worthless. #-- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0663 Pager/Voicemail 1-408-787-1281