On Sat, 7 Sep 2013 10:05:22 -0400
"Jeffrey I. Schiller" <j...@mit.edu> wrote:
> Fragile public key systems (such as Elgamal and all of the variants
> of DSA) require randomness at signature time. The consequence for
> failure is catastrophic.

Note that such systems should at this point be using deterministic
methods (hashes of text + other data) to create the needed nonces. I
believe several such methods have been published and are considered
good, but are not well standardized. Certainly this eliminates a *very*
important source of fragility in such systems and should be universally

References to such methods are solicited -- I'm operating without my
usual machine at the moment while its hard drive restores from backup.

The cryptography mailing list

Reply via email to