Include note about non-deterministic usage in documentation. #11
Comments
zamicol
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
zamicol
changed the title
Something along the lines of: "Non-deterministic signing may result in unique signatures. Although this use is RFC non-compliant, tool performing such operations may produce many different signatures for the same key and message. Verification tools have no way to know if the messages have been created in such a way, and thus will validate and verify. Verification tools are not given enough information to force an error on non-compliant constructions that use non-deterministic generation."
Here's an example "abusing" R, i.e. a signature that is not RFC compliant but there is no way to tell at the time of verification:
https://cyphr.me/ed25519_tool/ed.html#?alg_type=Msg&msg_enc=Text&msg=this%20is%20a%20test%20message&key_enc=Hex&key=9a197e4e00c86d52e22bff7d19162b9f372e9eefdd394c51f6250355305ef187&sig=d2f48969d58865dc37a8cf53d2c9db5a6384611ee1a539692f41a6ca67a93fdc8f6c2f6c86eb89afc840b9088dfeb8b93fc569304835478f8c94a784282b3b01&verify
https://cyphr.me/ed25519_tool/ed.html#?alg_type=Msg&msg_enc=Text&msg=this%20is%20a%20test%20message&key_enc=Hex&key=9a197e4e00c86d52e22bff7d19162b9f372e9eefdd394c51f6250355305ef187&sig=c3c0132022abeefbee6e915f89c044bf1c845fa6340e62abfde1d4caf317c37fa3ce5f4f8b9d8262fbd6c30d2196aeb2c22faa9431204b067eacd1a0cf15750e&verify
The text was updated successfully, but these errors were encountered: