On Fri, 13 Dec 2024 12:43, andrewg said: > would equally be possible to create a collision in an unsalted > signature by manipulating the first N bits of the message. But while
But these first N bits of the message may allow to detect a modification. A non-deterministic salt allows to hide the modification. I have not a problem with a _deterministic_ salt but I do have one with adding a new covert channel. And of course with the stupid way on how this was added to the specs. Extra data belongs into a signature subpacket and if you really want it at the begin of the subpacket area, well, specify it this way. The whole point here is to willy-nilly make it impossible to support the new signing packet. Shalom-Salam, Werner -- The pioneers of a warless world are the youth that refuse military service. - A. Einstein
openpgp-digital-signature.asc
Description: PGP signature
_______________________________________________ Gnupg-devel mailing list Gnupg-devel@gnupg.org https://lists.gnupg.org/mailman/listinfo/gnupg-devel
