yet another tiny feature: deterministic ECDSA
Vladimir 'φ-coder/phcoder' Serbinenko
phcoder at gmail.com
Fri Apr 12 13:58:50 CEST 2013
On 12.04.2013 13:13, Christian Grothoff wrote:
> On 04/12/2013 01:06 PM, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>>>> Why not just use a standard protocol? There are loads of standard
>>>> protocols for nearly every possible use.
>>> But not for what we're doing. If you want to read up on the
>>> details, see https://gnunet.org/bugs/view.php?id=2564
>>>
>> It sounds like you just need salted hash or HMAC if I understand the
>> algorithm
>>
>>
> No, that's insufficient as the encrypted message must be verifiable for
> intermediaries that do
> not have access to the key, so public key crypto is required.
>
Then sign in top of it. Thing is any non-randomness in DSA parameters,
no matter how small, is exploitable
> Christian
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 294 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20130412/ce2b3b35/attachment.sig>
More information about the Gcrypt-devel
mailing list