[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Monotone-devel] Re: fatal: Botan::PRNG_Unseeded

From: Jack Lloyd
Subject: Re: [Monotone-devel] Re: fatal: Botan::PRNG_Unseeded
Date: Tue, 1 Apr 2008 13:56:11 -0400
User-agent: Mutt/1.5.11

On Tue, Apr 01, 2008 at 11:18:22AM +0200, Lapo Luchini wrote:
> Nathaniel Smith wrote:
> >>What else are random numbers used for? As I understand it, signing
> >>does not use random numbers, but maybe I'm confused.
> >
> >IIRC signatures do include random nonces -- I think this is one of the
> >things I picked up from Paul's rants about our cryptography -- but I
> >could be wrong too.
> AFAIR he was complaining about the very fact that we currently use 
> signatures that don't, and proposed to change 'em =)

Monotone uses EMSA3 (aka PKCS#1 v1.5), which is a deterministic
encoding. So for a fixed input, the same key will always produce the
same signature. (The generally accepted solution for RSA signature
padding is EMSA4 aka PSS, which is a randomized method).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]