On Sat, 7 Sep 2013 10:05:22 -0400 "Jeffrey I. Schiller" <j...@mit.edu> wrote:

> Fragile public key systems (such as Elgamal and all of the variants
> of DSA) require randomness at signature time. The consequence for
> failure is catastrophic.

Note that such systems should at this point be using deterministic methods (hashes of text + other data) to create the needed nonces. I believe several such methods have been published and are considered good, but are not well standardized. Certainly this eliminates a *very* important source of fragility in such systems and should be universally implemented.

References to such methods are solicited -- I'm operating without my usual machine at the moment while its hard drive restores from backup.

Perry

_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography
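A deterministic nonce derivation of the kind described above, as an added example that is not part of this thread: my own implementation of the HMAC-DRBG construction specified in RFC 6979, using a constructed private key and the group order of NIST P-256 as the modulus (the signature computation itself is omitted).

```python
import hashlib
import hmac

# Order of the signing subgroup; here the order of NIST P-256, used only as the modulus q.
Q = int("FFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551", 16)
QLEN = Q.bit_length()       # 256 bits
RLEN = (QLEN + 7) // 8      # bytes needed to hold an element mod Q


def bits2int(b: bytes) -> int:
    """Interpret b as a big-endian integer, keeping only its QLEN leftmost bits."""
    v = int.from_bytes(b, "big")
    excess = len(b) * 8 - QLEN
    return v >> excess if excess > 0 else v


def int2octets(x: int) -> bytes:
    return x.to_bytes(RLEN, "big")


def bits2octets(b: bytes) -> bytes:
    return int2octets(bits2int(b) % Q)


def deterministic_nonce(priv: int, message: bytes, hashfn=hashlib.sha256) -> int:
    """Derive the per-signature k from (private key, message) via HMAC-DRBG as in RFC 6979.

    The same (key, message) pair always yields the same k, so no RNG is consulted at
    signing time and a broken RNG cannot cause nonce reuse across different messages.
    RFC 6979 Appendix A.2.5 lists reference vectors for P-256 if conformance is needed.
    """
    h1 = hashfn(message).digest()
    hlen = len(h1)
    V = b"\x01" * hlen
    K = b"\x00" * hlen
    seed = int2octets(priv) + bits2octets(h1)
    K = hmac.new(K, V + b"\x00" + seed, hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()
    K = hmac.new(K, V + b"\x01" + seed, hashfn).digest()
    V = hmac.new(K, V, hashfn).digest()
    while True:
        T = b""
        while len(T) * 8 < QLEN:
            V = hmac.new(K, V, hashfn).digest()
            T += V
        k = bits2int(T)
        if 1 <= k < Q:
            return k
        # Candidate out of range: rekey and generate again (rare for P-256, but required).
        K = hmac.new(K, V + b"\x00", hashfn).digest()
        V = hmac.new(K, V, hashfn).digest()
```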