Hi,

while implementing OTR I stumbled upon the very same issue... It'd be great to clarify this in the spec, as suggested by Adam.

Cheers,

Hannes

On 11/29/2011 22:37, Adam Langley wrote:
> In http://www.cypherpunks.ca/otr/Protocol-v2-3.1.0.html, it says:
>
> "This is the signature, using the private part of the key pubB, of
> the 32-byte MB (which does not need to be hashed again to produce
> the signature)."
>
> In http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf,
> section 4.6:
>
> "z = the leftmost min(N, outlen) bits of Hash(M)"
>
> Where outlen is the output length of the hash function (256 here)
> and N is the bit length of q (160 for OTR).
>
> libgcrypt doesn't do this and, therefore, neither does the OTR
> protocol. I think it's worth making a note of that - it screwed me
> up for a while :)
>
> Cheers
>
> AGL

_______________________________________________
OTR-dev mailing list
OTR-dev@lists.cypherpunks.ca
http://lists.cypherpunks.ca/mailman/listinfo/otr-dev