Does 0.11.0 change the wire format of the p2p messages? If so, it could be feasible to change the sign/verify semantics. But if not, it is better to wait until other (crypto-related) changes make it into the version that would break compatibility anyway...

>Y<

On 07/11/2018 01:38 PM, Devan Carpenter wrote:
> Thanks for the discovery and analysis of this, Bernd.
>
> I wonder if this would be feasible to try to make into the 0.11.0 release..?
>
> Bernd Fix transcribed 1.1K bytes:
>> The EdDSA signature implementation in GNUnet calls the 'gcry_pk_sign
>> (&sig, msg, prv)' function not with the message itself, but with the
>> SHA512 hash value of the message.
>>
>> Due to the intricacies of EdDSA signing this is not necessary (hashing
>> is done in the sign function itself, as more than just the message is
>> hashed for this).
>>
>> Although the GNUnet approach is not breaking things technically, it
>> produces unnecessary load: It is running an extra SHA512 - and because
>> the signed message is usually rather small (from what I have seen until
>> now the signed data is smaller than the 64 bytes of a SHA512 result),
>> the sign function even needs to hash more data than necessary.
>>
>> I guess that changing the sign/verify procedure would break
>> compatibility between new and old nodes and is therefore not feasible. I
>> just want to mention this in case a major version change is considered.
>>
>> Thanks for your attention, Bernd.
>>
>> _______________________________________________
>> GNUnet-developers mailing list
>> [email protected]
>> https://lists.gnu.org/mailman/listinfo/gnunet-developers
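
Added example, not part of the original thread and not GNUnet or libgcrypt code: a minimal Ed25519 signer following RFC 8032 that counts the bytes fed to SHA-512, so the cost of signing the message directly can be compared with signing its SHA512 digest as described above. The function names, the all-zero seed and the 40-byte payload are constructed for illustration, and the count includes the 32-byte seed expansion in both cases.

```python
import hashlib

P = 2**255 - 19  # Ed25519 parameters from RFC 8032
L = 2**252 + 27742317777372353535851937790883648493
D = -121665 * pow(121666, P - 2, P) % P
GY = 4 * pow(5, P - 2, P) % P
GX = 15112221349535400772501151409588531511454012693041857206046113283949847762202
G = (GX, GY, 1, GX * GY % P)
HASHED = [0]  # running count of bytes fed to SHA-512

def H(data):
    HASHED[0] += len(data)
    return hashlib.sha512(data).digest()

def add(a, b):  # point addition in extended coordinates
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C = 2 * a[3] * b[3] * D % P
    E = 2 * a[2] * b[2] % P
    return ((B - A) * (E - C) % P, (E + C) * (B + A) % P,
            (E - C) * (E + C) % P, (B - A) * (B + A) % P)

def mul(s, pt):  # double-and-add; not constant time, demonstration only
    q = (0, 1, 1, 0)
    while s:
        if s & 1:
            q = add(q, pt)
        pt, s = add(pt, pt), s >> 1
    return q

def enc(pt):  # compress a point: y with the low bit of x in bit 255
    zi = pow(pt[2], P - 2, P)
    return ((pt[1] * zi % P) | ((pt[0] * zi % P & 1) << 255)).to_bytes(32, "little")

def sign(seed, msg):  # plain Ed25519: msg enters both internal hashes
    h = H(seed)
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    A = enc(mul(a, G))
    r = int.from_bytes(H(h[32:] + msg), "little") % L
    R = enc(mul(r, G))
    k = int.from_bytes(H(R + A + msg), "little") % L
    return R + ((r + k * a) % L).to_bytes(32, "little")

def sha512_input_bytes(seed, msg, prehash):
    HASHED[0] = 0  # count one signing operation, outer hash included
    sign(seed, H(msg) if prehash else msg)
    return HASHED[0]

SEED, MSG = bytes(32), b"x" * 40  # constructed seed and 40-byte payload
```

For the 40-byte payload, `sha512_input_bytes(SEED, MSG, False)` returns 208 and `sha512_input_bytes(SEED, MSG, True)` returns 296; the two signatures also differ, which is why switching between the two conventions breaks verification between old and new nodes.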
