Use RSA-PSS for signatures in PublicKeyAuthenticator

kit-tm / PTP

Peer-Tor-Peer

GNU General Public License v3.0

6 stars 4 forks source link

Use RSA-PSS for signatures in PublicKeyAuthenticator #3

Open thack1 opened 7 years ago

thack1 commented 7 years ago

The signatures for authentication use RSA PKCS #1 v1.5 Padding which has no proof of security. Switch to RSA-PSS as standarized in PKCS #1 v2.1. RSA-PSS has a proof of security in the ROM.

thack1 commented 7 years ago

Probably not provided by Java by default. Use Bouncycastle.