On Tuesday, May 19, 2015 at 5:28:15 AM UTC-4, Dinis Paes wrote:
>
> ... I would say that depending on the definition of NDEBUG it's either
> possible to have zeros for 'r' and 's' or the program aborts.
>
NDEBUG should always be defined in release builds. That's the only thing POSIX gives us (http://pubs.opengroup.org/onlinepubs/009695399/basedefs/assert.h.html). And they don't give us the DEBUG macro. When I audit code, and if the project is missing NDEBUG in release, then I flag it as a security finding because of the propensity to cause a DoS. A perfect example is BIND (http://www.google.com/search?q=bind+assert+site:nvd.nist.gov). It powers most DNS on the internet, and it DoS's itself regularly.

> I'm not an expert on this subject but can a "good" PRNG by itself prevent
> 'r' and 's' from being zero independently of the contents of the message
> being signed?
>
No. A string of 0's is as equally likely as a string of 1's or any other pattern. It's a probabilistic improbability when the size of the integer is large enough. 20 bytes is large enough.

Jeff
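The trade-off discussed in this thread, as an added example that is not part of the original messages and is not Crypto++ code: a toy DSA signer in which an assert-only check on 'r' and 's' sits beside a runtime check that survives NDEBUG and retries with a new nonce. The parameters (p = 23, q = 11, g = 2, private key x = 3), the digest and nonce values, and all function names are constructed for the illustration.

```cpp
#include <cassert>
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <vector>

// Toy DSA domain parameters (constructed for this example, far too small for real use):
// p = 23, q = 11 divides p - 1, g = 2 has order q modulo p.
static const uint32_t P = 23, Q = 11, G = 2;
struct Sig { uint32_t r, s; };

static uint32_t powmod(uint32_t b, uint32_t e, uint32_t m) {
    uint32_t acc = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1) acc = acc * b % m;
    return acc;
}

// r = (g^k mod p) mod q, s = k^-1 * (h + x*r) mod q; k^-1 = k^(q-2) mod q since q is prime.
static Sig raw_sign(uint32_t x, uint32_t h, uint32_t k) {
    uint32_t r = powmod(G, k, P) % Q;
    uint32_t s = powmod(k, Q - 2, Q) * ((h + x * r) % Q) % Q;
    return Sig{r, s};
}

// Assert-only check: aborts the process in a debug build, and with NDEBUG
// defined the check disappears and a zero r or s is returned to the caller.
Sig sign_asserted(uint32_t x, uint32_t h, uint32_t k) {
    Sig sig = raw_sign(x, h, k);
    assert(sig.r != 0 && sig.s != 0);
    return sig;
}

// Runtime check that survives NDEBUG: reject the nonce and try the next one.
// `nonces` stands in for fresh draws from a CSPRNG in [1, q-1].
Sig sign_checked(uint32_t x, uint32_t h, const std::vector<uint32_t>& nonces) {
    for (uint32_t k : nonces) {
        Sig sig = raw_sign(x, h, k);
        if (sig.r != 0 && sig.s != 0) return sig;
    }
    throw std::runtime_error("no usable nonce");
}

int main() {
    // x = 3, h = 5, k = 1 gives r = 2 and h + x*r = 11 = 0 mod q, so s = 0.
    Sig bad = raw_sign(3, 5, 1);
    Sig ok = sign_checked(3, 5, {1, 2});
    std::printf("k=1: r=%u s=%u; after retry: r=%u s=%u\n", bad.r, bad.s, ok.r, ok.s);
}
```

With a modulus this small a zero 's' is easy to hit; at the 20-byte size mentioned in the thread the same branch is reached only with negligible probability, but the runtime check keeps the outcome defined in both debug and release builds.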
