yet another tiny feature: deterministic ECDSA
christian at grothoff.org
Fri Apr 12 15:18:25 CEST 2013
On 04/12/2013 01:58 PM, Vladimir 'φ-coder/phcoder' Serbinenko wrote:
>> No, that's insufficient as the encrypted message must be verifiable for
>> intermediaries that do not have access to the key, so public key crypto is required.
> Then sign on top of it. Thing is any non-randomness in DSA parameters,
> no matter how small, is exploitable
I believe a 'k' value derived via cryptographic hash (of data that the
does not have) function will be sufficiently random. After all, the
is derived by the same method in our application.
Signing on top of it doesn't help, as I want identical binary output ---
users share the same file (or file meta data in this case), the
in the database should also be identical so that I can detect duplicates.
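The construction argued for above, a nonce k derived by hashing the private key together with the message so that only the key holder can reproduce it, is what RFC 6979 later standardised. The following is an added example, not code from this thread or from libgcrypt: it implements the RFC 6979 derivation of k for NIST P-256 with SHA-256 using only the Python standard library, so the same (key, message) pair always yields the same k and therefore byte-identical signature output.

```python
import hashlib
import hmac

# Group order of NIST P-256 (a public curve parameter, not a secret).
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def _bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: big-endian integer from b, keeping only the leftmost qlen bits."""
    blen = len(b) * 8
    v = int.from_bytes(b, "big")
    return v >> (blen - qlen) if blen > qlen else v

def _int2octets(x: int, qlen: int) -> bytes:
    """RFC 6979 2.3.3: fixed-width big-endian encoding of x (ceil(qlen/8) bytes)."""
    return x.to_bytes((qlen + 7) // 8, "big")

def _bits2octets(b: bytes, q: int, qlen: int) -> bytes:
    """RFC 6979 2.3.4: reduce the hash modulo q, then encode like int2octets."""
    return _int2octets(_bits2int(b, qlen) % q, qlen)

def deterministic_k(private_key: int, message: bytes, q: int = P256_ORDER) -> int:
    """Derive the ECDSA nonce k from (private key, SHA-256(message)) per RFC 6979 3.2.

    Only the holder of private_key can recompute k, yet the same key and message
    always give the same k, so the resulting signature bytes are reproducible.
    """
    qlen = q.bit_length()
    h1 = hashlib.sha256(message).digest()
    mac = lambda key, data: hmac.new(key, data, hashlib.sha256).digest()
    seed = _int2octets(private_key, qlen) + _bits2octets(h1, q, qlen)
    V = b"\x01" * len(h1)           # steps b, c: initial HMAC_DRBG state
    K = b"\x00" * len(h1)
    K = mac(K, V + b"\x00" + seed)  # step d
    V = mac(K, V)                   # step e
    K = mac(K, V + b"\x01" + seed)  # step f
    V = mac(K, V)                   # step g
    while True:                     # step h: generate candidates until one is in [1, q-1]
        T = b""
        while len(T) * 8 < qlen:
            V = mac(K, V)
            T += V
        k = _bits2int(T, qlen)
        if 1 <= k < q:
            return k
        K = mac(K, V + b"\x00")     # candidate out of range: update state and retry
        V = mac(K, V)
```

The output can be checked against the P-256/SHA-256 vectors in RFC 6979 Appendix A.2.5; the returned k is then used in place of a random nonce in the ordinary ECDSA signing equation.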
More information about the Gcrypt-devel