On 30.08.2019 01:02, Brian Minton wrote: > On Thu, Apr 25, 2019 at 11:19:15AM +0200, Kristian Fiskerstrand wrote: >> On 4/25/19 9:20 AM, Bernhard Reiter wrote: >>> Wikipedia points out a strong sensitivity of the algorithm to the quality >>> of >>> random number generators and that implementations could deliberately leak >>> information in the signature [3]. This alone probably is a reason to switch >>> keys. >> This isn't really a major point given rfc6979 ( >> https://tools.ietf.org/html/rfc6979 ): Deterministic Usage of the >> Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature >> Algorithm (ECDSA) >> > Does GnuPG use deterministic DSA / ECDSA? >
Yes (at least for modern versions, iirc it was introduced in libgcrypt 1.6.0, but it has been used for 6 or so years) -- ---------------------------- Kristian Fiskerstrand Blog: https://blog.sumptuouscapital.com Twitter: @krifisk ---------------------------- Public OpenPGP keyblock at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3 ---------------------------- Corruptissima re publica plurimæ leges The greater the degeneration of the republic, the more of its laws
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users