Is a truncated signature any good?

Discussion in 'Application Software' started by DKane, Jul 3, 2010.

  1. DKane

    DKane MDL Junior Member

    Sep 18, 2009
    63
    63
    0
    #1 DKane, Jul 3, 2010
    Last edited by a moderator: Apr 20, 2017
    If I were to take, say, the last 50 bits off of a standard digital signature, and use that instead, would it still be secure? Beyond the fact that obviously it's easier to bruteforce.

    Would 50bit be enough? Or would I need to take, say 64 bits?

    And would it be feasible to slow down brute-forcing by using an algorithm like this:

    Code:
    i=0
    while(i<500):
    hash(data)
    data+=salt
    ++i
    wend
    sign(data)
    
     
  2. Stannieman

    Stannieman MDL Guru

    Sep 4, 2009
    2,232
    1,798
    90
    What do you want to do?
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  3. rupsd

    rupsd MDL Senior Member

    May 27, 2010
    260
    10
    10
    #3 rupsd, Jul 4, 2010
    Last edited by a moderator: Apr 20, 2017
    what's that??C++ code??
     
  4. DKane

    DKane MDL Junior Member

    Sep 18, 2009
    63
    63
    0
    I want to put a small signature inside a 150-bit packet. Say, 50-70 bits of signature, the rest is message. It would only need to be secure for a few months or so, maybe a year.

    And that's pseudocode, meant to give an idea of what I mean. Basically recursively hash a message with a salt, 500 times or so.

    Basically, I have a message that looks like this:
    [salt:16bits][message:64-84bits][signature:50-70bits]

    (I suppose it would make sense to have the signature be smaller than the message?)