If I were to take, say, the last 50 bits off of a standard digital signature, and use that instead, would it still be secure? Beyond the fact that obviously it's easier to brute-force. Would 50 bits be enough? Or would I need to take, say, 64 bits? And would it be feasible to slow down brute-forcing by using an algorithm like this:

Code:
    i = 0
    while (i < 500):
        data = hash(data)
        data += salt
        ++i
    wend
    sign(data)

I want to put a small signature inside a 150-bit packet. Say, 50-70 bits of signature, the rest is message. It would only need to be secure for a few months or so, maybe a year.

And that's pseudocode, meant to give an idea of what I mean. Basically recursively hash a message with a salt, 500 times or so.

Basically, I have a message that looks like this:

[salt:16bits][message:64-84bits][signature:50-70bits]

(I suppose it would make sense to have the signature be smaller than the message?)
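
An added example, not part of the original post: the layout above packed into one 150-bit integer with a 16-bit salt, an 84-bit message and a 50-bit tag, using the 500-round hash loop from the pseudocode. It assumes a shared-key HMAC-SHA256 in place of a public-key signature, because a truncated RSA- or ECDSA-style signature can no longer be verified; the function names, key and sample values are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional

SALT_BITS, MSG_BITS, TAG_BITS = 16, 84, 50   # 150 bits in total
ROUNDS = 500                                 # iteration count from the post


def stretch(message: bytes, salt: bytes, rounds: int = ROUNDS) -> bytes:
    """The post's loop: hash the data, append the salt, repeat."""
    data = message
    for _ in range(rounds):
        data = hashlib.sha256(data).digest() + salt
    return data


def tag(key: bytes, salt: int, msg: int) -> int:
    """HMAC over the stretched data, truncated to its last TAG_BITS bits."""
    salt_b = salt.to_bytes(2, "big")         # 16 bits
    msg_b = msg.to_bytes(11, "big")          # 84 bits fit in 11 bytes
    mac = hmac.new(key, stretch(msg_b, salt_b), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") & ((1 << TAG_BITS) - 1)


def pack(key: bytes, salt: int, msg: int) -> int:
    """Build [salt:16][message:84][tag:50] as a single integer."""
    if salt >> SALT_BITS or msg >> MSG_BITS:
        raise ValueError("salt or message does not fit its field")
    return (salt << (MSG_BITS + TAG_BITS)) | (msg << TAG_BITS) | tag(key, salt, msg)


def unpack(key: bytes, packet: int) -> Optional[int]:
    """Return the message if the tag verifies, otherwise None."""
    if packet < 0 or packet >> (SALT_BITS + MSG_BITS + TAG_BITS):
        return None
    got = packet & ((1 << TAG_BITS) - 1)
    msg = (packet >> TAG_BITS) & ((1 << MSG_BITS) - 1)
    salt = packet >> (MSG_BITS + TAG_BITS)
    want = tag(key, salt, msg)
    # Constant-time comparison of the two 50-bit tags (7 bytes each).
    ok = hmac.compare_digest(want.to_bytes(7, "big"), got.to_bytes(7, "big"))
    return msg if ok else None


if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed sample key
    packet = pack(key, 0x1234, 0xABCDEF)     # constructed salt and message
    print(packet.bit_length(), unpack(key, packet) == 0xABCDEF)
```

Without the key, a forger has to submit tag guesses to the verifier, and the 500 rounds cost the verifier the same work per packet that they cost the sender.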