>  * using non-deterministic ECDSA with a predictable source of randomness
> means that each signature can potentially leak the secret material of the
> signing key.

My understanding is that the first step in generating an ECDSA signature is to 
generate a random value K.  The private key is disclosed if the same K is used 
to produce more than one signature.  The chances of generating the same K are 
vanishingly small if there is a reasonable pseudorandom source.  I would hope 
that the servers running the logs have a reasonable source of pseudorandom 
values.

Russ


On Apr 1, 2015, at 10:50 AM, trans issue tracker wrote:

> #83: CT should mandate the use of deterministic ECDSA
> 
> RFC:6979 describes how to do deterministic ECDSA.
> 
> certificate transparency logs should be required to use this mechanism,
> for two reasons:
> 
>  * using non-deterministic ECDSA with a predictable source of randomness
> means that each signature can potentially leak the secret material of the
> signing key.
> 
>  * a log that produces two separate valid STHs with the same timestamp and
> same data but with different signatures should be considered dubious
> (though i don't have a concrete attack i can describe for this scenario
> yet) -- ensuring the use of deterministic ECDSA means that in normal
> operation, regular logs won't produce this behavior.
> 
> -- 
> -------------------------+-------------------------------------------------
> Reporter:               |      Owner:  draft-ietf-trans-
>  [email protected]  |  [email protected]
>     Type:  defect       |     Status:  new
> Priority:  major        |  Milestone:
> Component:  rfc6962-bis  |    Version:
> Severity:  -            |   Keywords:
> -------------------------+-------------------------------------------------
> 
> Ticket URL: <http://trac.tools.ietf.org/wg/trans/trac/ticket/83>
> trans <http://tools.ietf.org/trans/>
> 
> _______________________________________________
> Trans mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/trans
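
A log monitor's view of the two concerns in the ticket, as an added example that is not part of the original thread: it flags identical signed data that carries different signatures, and an ECDSA r value repeated across different signed data, which is the visible symptom of a reused K. The function names, the sample values and the assumption that every observation was signed by one P-256 log key are constructed for illustration.

```python
from collections import defaultdict

def parse_ecdsa_der(sig):
    """Return (r, s) from DER SEQUENCE { INTEGER r, INTEGER s } (short-form lengths)."""
    # Assumption: P-256 signatures are at most 72 bytes, so each length is one byte.
    if not 8 <= len(sig) <= 129 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("not a well-formed DER SEQUENCE")
    pos, out = 2, []
    for _ in range(2):
        if pos + 2 > len(sig) or sig[pos] != 0x02 or not 0 < sig[pos + 1] < 0x80:
            raise ValueError("expected short-form INTEGER")
        n = sig[pos + 1]
        out.append(int.from_bytes(sig[pos + 2:pos + 2 + n], "big"))
        pos += 2 + n
    if pos != len(sig):
        raise ValueError("INTEGER lengths do not match SEQUENCE length")
    return out[0], out[1]

def audit(observations):
    """observations: (signed_data, der_signature) pairs, all under one log key."""
    sigs_by_data, data_by_r = defaultdict(set), defaultdict(set)
    for data, sig in observations:
        r, _s = parse_ecdsa_der(sig)
        sigs_by_data[data].add(sig)
        data_by_r[r].add(data)
    findings = []
    for data, sigs in sigs_by_data.items():
        if len(sigs) > 1:    # should not occur with deterministic ECDSA
            findings.append(("same-data-different-signature", data))
    for r, datas in data_by_r.items():
        if len(datas) > 1:   # r is derived from K alone: points to a reused K
            findings.append(("repeated-r-across-messages", r))
    return findings

def der_sig(r, s):
    """Encode (r, s) as DER; used only to build the constructed samples below."""
    def enc_int(v):
        b = v.to_bytes((v.bit_length() + 8) // 8, "big")  # 0x00 pad if top bit set
        return b"\x02" + bytes([len(b)]) + b
    body = enc_int(r) + enc_int(s)
    return b"\x30" + bytes([len(body)]) + body

# Constructed observations, not real log output.
SAMPLE = [
    (b"sth-1", der_sig(0x1111, 0x2222)),
    (b"sth-1", der_sig(0x3333, 0x4444)),   # same data, different signature
    (b"sth-2", der_sig(0x5555, 0x6666)),
    (b"sth-3", der_sig(0x5555, 0x7777)),   # r repeated across different data
]
```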
