Re: Agree with PRZs MDC suggestion
1999-05-28 13:19:35

On Fri, May 28, 1999 at 01:26:05AM -0400, uri wrote:

[...] we could require that MDC can *not* be turned off.

What does that mean for existing implementations?

[...] let bygones be bygones.

Then why not dump plain ElGamal encryption in favor of DHAES (see http://www.cse.ucsd.edu/users/mihir/papers/pke.html), DHAES being used on whole messages, not just session keys? (DHAES is basically ElGamal done right plus an MDC, and there are security proofs for it.)
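An added illustration, not part of the original message: plain ElGamal accepts a modified ciphertext, while a DHAES-style construction (ephemeral DH value hashed into a MAC key and an encryption key, then encrypt and MAC the ciphertext) rejects it. The toy group (prime 2**255 - 19, base 2), SHA-512 as the key-derivation hash, HMAC-SHA-256 as the MAC and the SHA-256 XOR keystream are assumptions chosen so the sketch runs on the standard library (Python 3.8+).

```python
import hashlib, hmac, secrets

# Toy group for illustration only (assumed parameters, not a vetted DH group).
P = 2**255 - 19
G = 2

def keygen():
    x = secrets.randbelow(P - 2) + 1           # private exponent
    return x, pow(G, x, P)                     # (private, public)

def elgamal_encrypt(y, m):
    """Plain ElGamal on an integer 0 < m < P: (g^k, m * y^k)."""
    k = secrets.randbelow(P - 2) + 1
    return pow(G, k, P), (m * pow(y, k, P)) % P

def elgamal_decrypt(x, c):
    c1, c2 = c
    return (c2 * pow(pow(c1, x, P), -1, P)) % P

def _keys(gu, shared):
    # Hash the ephemeral public value and the DH secret into (mac_key, enc_key).
    okm = hashlib.sha512(gu.to_bytes(32, "big") + shared.to_bytes(32, "big")).digest()
    return okm[:32], okm[32:]

def _xor_stream(key, data):
    # Stand-in symmetric cipher: XOR with a SHA-256 counter keystream.
    pad = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def dhaes_encrypt(y, msg):
    """DHAES-style: works on the whole message and appends an integrity tag."""
    u = secrets.randbelow(P - 2) + 1
    gu = pow(G, u, P)
    mac_key, enc_key = _keys(gu, pow(y, u, P))
    ct = _xor_stream(enc_key, msg)
    return gu, ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def dhaes_decrypt(x, c):
    gu, ct, tag = c
    mac_key, enc_key = _keys(gu, pow(gu, x, P))
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")   # modified ciphertext is rejected
    return _xor_stream(enc_key, ct)
```

Doubling the second ElGamal component decrypts to twice the plaintext with no error, whereas changing any ciphertext byte in the DHAES-style tuple raises `ValueError`.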