On Mon, 10 Nov 2014 15:32, [email protected] said:

> This is not necessarily true if [RFC6979]: "Deterministic Usage of the
> Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature
> Algorithm (ECDSA)" is used.

Which is used in 2.1:

  commit 6466db10fb22a4f24df4edad9c5cb33ec67321bd
  Author: Werner Koch <[email protected]>
  Date:   Sat Sep 7 10:06:46 2013 +0200

      Switch to deterministic DSA.

      * agent/pksign.c (rfc6979_hash_algo_string): New.
      (do_encode_dsa) [Libgcrypt >= 1.6]: Make use of RFC-6979.
      --

      Now that we have a good (and not NSA/NIST demanded ;-) specification
      on how to use DSA without a random nonce, we take advantage of it and
      thus avoid pitfalls related to a misbehaving RNG during signature
      creation.

      Note that OpenPGP has the option of using a longer hash algorithm but
      truncated to what is suitable for the used DSA key size.  The hash
      used as input to RFC-6979 will also be one with an appropriate digest
      length but not a truncated one.  This is allowed by RFC-6979.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
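
The nonce derivation that RFC 6979 section 3.2 specifies, as an added example that is not part of the original message and is not GnuPG or Libgcrypt code. It derives k from the private key and the message hash with HMAC only, so no RNG is involved at signing time. The function names are hypothetical; Q and X are the 1024-bit DSA test key from RFC 6979 Appendix A.2.1.

```python
import hashlib
import hmac

# DSA 1024-bit test key from RFC 6979 Appendix A.2.1 (subgroup order q, private key x).
Q = 0x996F967F6C8E388D9E28D01E205FBA957A5698B1
X = 0x411602CB19A6CCC34494D79D98EF1E7ED5AF25F7

def bits2int(data: bytes, qlen: int) -> int:
    """Keep the leftmost qlen bits of data (RFC 6979 section 2.3.2)."""
    value = int.from_bytes(data, "big")
    excess = len(data) * 8 - qlen
    return value >> excess if excess > 0 else value

def rfc6979_nonce(q: int, x: int, message: bytes, hash_name: str = "sha256") -> int:
    """Derive the per-signature secret k from x and H(message), no RNG involved."""
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    h1 = hashlib.new(hash_name, message).digest()
    # bits2octets: reduce the (possibly longer) digest to an integer below q.
    z = bits2int(h1, qlen)
    if z >= q:
        z -= q
    seed = x.to_bytes(rolen, "big") + z.to_bytes(rolen, "big")

    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hash_name).digest()

    # Steps b-g: initialise V and K, then mix in the key and the hash twice.
    v = b"\x01" * len(h1)
    key = b"\x00" * len(h1)
    for sep in (b"\x00", b"\x01"):
        key = mac(key, v + sep + seed)
        v = mac(key, v)
    # Step h: generate candidates until one falls in [1, q-1].
    while True:
        t = b""
        while len(t) * 8 < qlen:
            v = mac(key, v)
            t += v
        k = bits2int(t, qlen)
        if 1 <= k < q:
            return k
        key = mac(key, v + b"\x00")
        v = mac(key, v)

if __name__ == "__main__":
    # Same message twice gives the same k; a different message gives a different k.
    for msg in (b"sample", b"sample", b"test"):
        print(msg, format(rfc6979_nonce(Q, X, msg), "040X"))
```
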
