0

It's unclear to me how transaction signing and transaction authentication work.

Industrial solutions use both symmetric and asymmetric algorithms to compute the signature.

  • What does RSA add the one-timeness to the transaction?
  • What are the advantages of symmetric vs. asymmetric algorithms for transaction signing?
  • If an ORCA based OTP generator is used and the account number/amount is used as datainput with a moving factor (timestep for instance) is this considered a good transaction signature?
Improve this question

    1 Answer 1

    Reset to default
    -1

    Ok, so you want authenticated transactions, so why not just sign each transaction message together with the time. Use asymmetric encryption - my assumption is symmetric encryption is used by multiple users. Once again it's a toss up between computational power and convenience. So symmetric might be a good idea if you're on a low powered system. Then again, if you're on a trusted network, some non lossy compression should also work.

    With an OTP, this should also work, in the sense that only the owner of the password should be able to execute up to the number of OTP tokens he has. Usually though OTP is the first step to an authenticated session, after which everything after is considered valid. It's surprising how this paradigm is conserved in many other non related domains.

    Improve this answer

      You must log in to answer this question.

      Start asking to get answers

      Find the answer to your question by asking.

      Ask question

      Explore related questions

      See similar questions with these tags.