On Mon, Aug 11, 2014 at 10:11:43AM +0200, Werner Koch wrote:
> On Sun, 10 Aug 2014 19:57, chris(_dot_)privat(_at_)genodeftest(_dot_)de said:
> > 3. Replace DSA as default public-key algorithm (since it relies on good
> > random which is often not available/ensured) by RSA.
> You mean the random K value commonly used for signatures? GnuPG has
> replaced that by the RFC-6979 method. I don't know how other
> implementations handle this.
Just to clarify for those on the list (I'm not sure of the technical
competencies of most on the list), RFC 6979 as I understand it specifies a
"deterministic DSA". This is calculated by first creating an HMAC_DRBG(k,c)
value, where 'k' is a randomly generated key, and 'c' is a counter. Provided
the hashing algorithm is cryptographically secure, even though the output is
deterministic, it is indistinguishable from true random, and it will be
uniformly chosen. This output is now the "random k" for DSA that Werner refers
openpgp mailing list
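For readers who want to see the RFC 6979 derivation rather than a description of it, here is a worked example. This is added illustration code, not GnuPG's implementation and not code from anyone on this thread. It derives k with the HMAC_DRBG-style procedure of RFC 6979 section 3.2 from the private key and the message hash, and checks the result against what I take to be the Appendix A.2.1 DSA-1024/SHA-256 values for the message "sample" (q, x and the expected k are assumed from the RFC text). It also includes a toy DSA group (p = 23, q = 11, g = 4, constructed here for illustration) to show the failure the original point was about: if the "random" k ever repeats, two signatures give away the private key. The deterministic derivation removes that failure mode because k depends only on the key and the message.

```python
"""RFC 6979 deterministic DSA nonce derivation, plus a toy nonce-reuse demo.

Added example for this thread; not GnuPG code. The 1024-bit DSA values
(Q_1024, X_1024, K_SAMPLE_SHA256) are assumed to be those of RFC 6979
Appendix A.2.1; the toy group (p=23, q=11, g=4) is constructed here.
"""
import hashlib
import hmac


def bits2int(data: bytes, qlen: int) -> int:
    """RFC 6979 2.3.2: interpret the leftmost qlen bits of data as an integer."""
    value = int.from_bytes(data, "big")
    blen = len(data) * 8
    if blen > qlen:
        value >>= blen - qlen
    return value


def int2octets(value: int, qlen: int) -> bytes:
    """RFC 6979 2.3.3: big-endian encoding padded to ceil(qlen/8) bytes."""
    return value.to_bytes((qlen + 7) // 8, "big")


def bits2octets(data: bytes, q: int, qlen: int) -> bytes:
    """RFC 6979 2.3.4: bits2int, reduce mod q, then int2octets."""
    return int2octets(bits2int(data, qlen) % q, qlen)


def rfc6979_nonce(q: int, x: int, message: bytes, hashfunc=hashlib.sha256) -> int:
    """Derive k per RFC 6979 3.2: HMAC_DRBG keyed from (x, H(message)).

    No randomness is consumed, so the same key and message always give the
    same k; without x the output is still unpredictable to an attacker.
    """
    qlen = q.bit_length()
    h1 = hashfunc(message).digest()
    hlen = len(h1)
    V = b"\x01" * hlen  # step b
    K = b"\x00" * hlen  # step c
    seed = int2octets(x, qlen) + bits2octets(h1, q, qlen)
    K = hmac.new(K, V + b"\x00" + seed, hashfunc).digest()  # step d
    V = hmac.new(K, V, hashfunc).digest()  # step e
    K = hmac.new(K, V + b"\x01" + seed, hashfunc).digest()  # step f
    V = hmac.new(K, V, hashfunc).digest()  # step g
    while True:  # step h
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, hashfunc).digest()
            T += V
        k = bits2int(T, qlen)
        if 1 <= k <= q - 1:
            return k
        # Candidate outside [1, q-1]: update K and V and generate again.
        K = hmac.new(K, V + b"\x00", hashfunc).digest()
        V = hmac.new(K, V, hashfunc).digest()


# Assumed RFC 6979 Appendix A.2.1 (DSA, 1024 bits) values, SHA-256, "sample".
Q_1024 = 0x996F967F6C8E388D9E28D01E205FBA957A5698B1
X_1024 = 0x411602CB19A6CCC34494D79D98EF1E7ED5AF25F7
K_SAMPLE_SHA256 = 0x519BA0546D0C39202A7D34D7DFA5E760B318BCFB


def dsa_sign(p: int, q: int, g: int, x: int, h: int, k: int) -> tuple:
    """Textbook DSA signature on hash value h with an explicit nonce k."""
    r = pow(g, k, p) % q
    s = pow(k, -1, q) * (h + x * r) % q
    return r, s


def recover_key_from_reused_nonce(q, h1, s1, h2, s2, r):
    """Two signatures sharing k (hence the same r) leak k, and then x."""
    k = (h1 - h2) * pow(s1 - s2, -1, q) % q
    return (s1 * k - h1) * pow(r, -1, q) % q


# Constructed toy group: q=11 divides p-1=22, g=2^2 mod 23 has order 11.
TOY_P, TOY_Q, TOY_G = 23, 11, 4


def toy_nonce_reuse_demo(x: int = 7) -> int:
    """Sign two hash values 3 and 8 with the same k and recover x."""
    k_bad = 5  # a repeated nonce, as a broken RNG would produce
    r1, s1 = dsa_sign(TOY_P, TOY_Q, TOY_G, x, 3, k_bad)
    r2, s2 = dsa_sign(TOY_P, TOY_Q, TOY_G, x, 8, k_bad)
    assert r1 == r2  # identical r is the visible symptom of nonce reuse
    return recover_key_from_reused_nonce(TOY_Q, 3, s1, 8, s2, r1)


if __name__ == "__main__":
    k = rfc6979_nonce(Q_1024, X_1024, b"sample")
    print("k matches assumed RFC 6979 A.2.1 vector:", k == K_SAMPLE_SHA256)
    print("toy private key recovered from reused k:", toy_nonce_reuse_demo())
```

Note that with RFC 6979 the nonce-reuse recovery above can only happen if the same message is signed twice with the same key, in which case the two signatures are identical and nothing new is leaked; the property that makes the scheme safe is that k is bound to H(m), not merely that it is deterministic.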