[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] Re: fatal: Botan::PRNG_Unseeded
From: |
Jack Lloyd |
Subject: |
Re: [Monotone-devel] Re: fatal: Botan::PRNG_Unseeded |
Date: |
Tue, 1 Apr 2008 13:56:11 -0400 |
User-agent: |
Mutt/1.5.11 |
On Tue, Apr 01, 2008 at 11:18:22AM +0200, Lapo Luchini wrote:
> Nathaniel Smith wrote:
> >>What else are random numbers used for? As I understand it, signing
> >>does not use random numbers, but maybe I'm confused.
> >
> >IIRC signatures do include random nonces -- I think this is one of the
> >things I picked up from Paul's rants about our cryptography -- but I
> >could be wrong too.
>
> AFAIR he was complaining about the very fact that we currently use
> signatures that don't, and proposed to change 'em =)
>
Monotone uses EMSA3 (aka PKCS#1 v1.5), which is a deterministic
encoding. So for a fixed input, the same key will always produce the
same signature. (The generally accepted solution for RSA signature
padding is EMSA4 aka PSS, which is a randomized method).
-Jack