[146782] in cryptography@c2.net mail archive


[Cryptography] ElGamal,

daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sat Sep 7 20:09:31 2013

X-Original-To: cryptography@metzdowd.com
Date: Sat, 7 Sep 2013 20:09:24 -0400
From: "Perry E. Metzger" <perry@piermont.com>
To: "Jeffrey I. Schiller" <jis@mit.edu>
In-Reply-To: <20130907140522.GA4132@jis.tzo.com>
Cc: cryptography@metzdowd.com, ianG <iang@iang.org>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

On Sat, 7 Sep 2013 10:05:22 -0400
"Jeffrey I. Schiller" <jis@mit.edu> wrote:
> Fragile public key systems (such as Elgamal and all of the variants
> of DSA) require randomness at signature time. The consequence for
> failure is catastrophic.

Note that such systems should at this point be using deterministic
methods (hashes of text + other data) to create the needed nonces. I
believe several such methods have been published and are considered
good, but are not well standardized. Certainly this eliminates a *very*
important source of fragility in such systems and should be universally
implemented.

References to such methods are solicited -- I'm operating without my
usual machine at the moment while its hard drive restores from backup.

Perry
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
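The deterministic-nonce approach Perry describes (a hash of the message plus other data, keyed with the signer's secret, instead of a random draw at signature time), shown here as an added example that is not part of the thread. It is a toy DSA over constructed parameters p=23, q=11, g=4 with a simplified HMAC-based derivation standing in for an RFC 6979-style construction; the parameters and key are illustrative, not fit for real use.

```python
import hashlib
import hmac

# Constructed toy DSA group (illustration only): q divides p-1 and g has order q mod p.
P, Q, G = 23, 11, 4

def h_int(msg):
    """Hash the message and reduce into Z_q (real DSA truncates to len(q) bits instead)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def derive_nonce(x, msg, counter):
    """Deterministic nonce: HMAC keyed with the private key over H(m) and a retry counter.
    Simplified stand-in for an RFC 6979-style derivation: no RNG is consulted, so the same
    (key, message) pair always yields the same k, and a faulty RNG can no longer leak the key."""
    mac = hmac.new(x.to_bytes(32, "big"),
                   h_int(msg).to_bytes(32, "big") + counter.to_bytes(4, "big"),
                   hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % Q

def sign(x, msg):
    """DSA signature (r, s) using the deterministic nonce; retries on degenerate values."""
    e = h_int(msg)
    counter = 0
    while True:
        k = derive_nonce(x, msg, counter)
        counter += 1
        if k == 0:
            continue
        r = pow(G, k, P) % Q
        if r == 0:
            continue
        s = (pow(k, -1, Q) * (e + x * r)) % Q
        if s == 0:
            continue
        return r, s

def verify(y, msg, sig):
    """Standard DSA verification; unchanged by how the signer chose k."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = (h_int(msg) * w) % Q, (r * w) % Q
    return ((pow(G, u1, P) * pow(y, u2, P)) % P) % Q == r

PRIV = 7                    # constructed private key x in [1, q-1]
PUB = pow(G, PRIV, P)       # public key y = g^x mod p

if __name__ == "__main__":
    m = b"constructed sample message"
    print(sign(PRIV, m), verify(PUB, m, sign(PRIV, m)))
```

Signing the same message twice produces byte-identical signatures, which is the point: repeating a nonce for a repeated message reveals nothing new, whereas reusing a nonce across different messages is the failure Jeffrey calls catastrophic.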
