On Wed, 25 Sep 2019 16:35, [email protected] said: > Wikipedia is not a very good reference for low-level technical details. > Ed25519 is shorthand for "EdDSA on a specific curve": it is silent on > the subject of hash algorithms, although you can specify one as > "Ed25519-SHA-512" or what-have-you.
Not quite true. We use ed25519 with SHA-512. However, what we sign is a hash value which often commonly happens to be a SHA-256 hash. The reasons for this is that this model better fits into the OpenPGP framework and - more important - this indirection allows us to implement ed25519/sha512 in a smartcard. Consider the case that you want to sign a large data blob with a smartcard: With the direct ed25519 method it would be required to send the entire data to the smartcard which would take way to long for any practical application. Smardcards communicate in the 300 kBit/sec range and even USB tokens or not much faster. Further they employ small 16 bit CPUs where taking a SHA-512 hash on a lot of data will take ages. Salam-Shalom, Werner -- Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
