Hello All,

Friday, April 17, 2020, 8:41:08 PM, Maxim Masiutin wrote:

> signed by “sha512ECDSA†algorithm

It was me who pasted bad characters, not a mailing list software issue or whatsoever. The correct text is the following.

[*] In an ECDSA signature, if a hash function had larger digest length (in bits) than the field size (which is not a good practice), The Bat! treated these signatures as invalid. It might lead to invalid ECC certificates, e.g. signed by "sha512ECDSA" algorithm. It might also lead to the following error: "TLS protocol error: Internal error BuildClientKeyExchange".

For more information, see section 6.4 of FIPS.186-4 "ECDSA Digital Signature Generation and Verification": it is recommended that the security strength associated with the bit length of n and the security strength of the hash function be the same unless an agreement has been made between participating entities to use a stronger hash function. When the length of the output of the hash function is greater than the bit length of n, then the leftmost n bits of the hash function output block shall be used in any calculation using the hash function output during the generation or verification of a digital signature. A hash function that provides a lower security strength than the security strength associated with the bit length of n ordinarily should not be used, since this would reduce the security strength of the digital signature process to a level no greater than that provided by the hash function.

--
Maxim Masiutin
Ritlabs, SRL Director

________________________________________________________
'Using TBBETA' information: http://www.silverstones.com/thebat/TBUDLInfo.html

