On Tue, Jun 3, 2014 at 5:21 PM, Robert Ransom <[email protected]> wrote: > > (For what it's worth, I do think that masking off the high bit was > originally a bug -- it didn't match the behaviour specified in the > paper, or on Dr. Bernstein's Curve25519 web page -- but it's not only > the de-facto standard now, it's also a good idea.)
My point is that it's not the de-facto standard: libraries have been changing from masking -> processing the full 256-bit value: >> http://www.ietf.org/mail-archive/web/cfrg/current/msg04333.html >> https://github.com/jedisct1/libsodium/issues/78 >> https://github.com/agl/curve25519-donna/commit/81b6dcb6cf5b983ec6391f36aa061caef07c58ad I think they should change back! Trevor _______________________________________________ Curves mailing list [email protected] https://moderncrypto.org/mailman/listinfo/curves
