[gnutls-devel] GnuTLS | optional: Support for deterministic ECDSA (#94)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Mon Aug 5 22:20:47 CEST 2019
Ondřej Surý commented:
I am quite sure it was DNSSEC in Knot DNS. Especially with on-the-fly signing.
Now I am waiting for the same thing in in OpenSSL for BIND 9 ;).
The ECDSA is too fragile when weak PRNG is used - think of spinning multiple VM guests with the same seed from the image. That might leak private key pretty quickly if the timing is right.
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/94#note_200367633
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnutls-devel