[Cryptography] ElGamal, DSA randomness (was Re: Why prefer symmetric crypto over public key crypto?)
Perry E. Metzger
perry at piermont.com
Sat Sep 7 20:09:24 EDT 2013
On Sat, 7 Sep 2013 10:05:22 -0400
"Jeffrey I. Schiller" <jis at mit.edu> wrote:
> Fragile public key systems (such as Elgamal and all of the variants
> of DSA) require randomness at signature time. The consequence for
> failure is catastrophic.
Note that such systems should at this point be using deterministic
methods (hashes of text + other data) to create the needed nonces. I
believe several such methods have been published and are considered
good, but are not well standardized. Certainly this eliminates a *very*
important source of fragility in such systems and should be universally
implemented.
References to such methods are solicited -- I'm operating without my
usual machine at the moment while its hard drive restores from backup.
Perry
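The deterministic nonce derivation Perry describes (nonce = function of the private key and the message, no run-time randomness at signing) is what RFC 6979, published in August 2013, standardizes for DSA and ECDSA. The following is an added example, not code from this post or from any project it refers to: a toy DSA signer whose nonce k comes from the RFC 6979 HMAC-DRBG construction seeded with the private key and the message hash. The group parameters P, Q, G, the private key, and the sample message are constructed toy values chosen so the code runs instantly; they offer no security and exist only to show the mechanism.

```python
# Added example (not from the original post): deterministic DSA nonces in the
# style of RFC 6979 (HMAC-DRBG seeded with the private key and message hash),
# so signing never depends on a run-time RNG. The group below is a constructed
# toy (p = 2q + 1 with q prime, g of order q); it provides no security.
import hashlib
import hmac

P = 2039          # toy modulus, prime
Q = 1019          # toy subgroup order, prime, divides P - 1
G = 4             # 2^2 is a quadratic residue, so its order is exactly Q
HASH = hashlib.sha256


def bits2int(b: bytes, qlen: int) -> int:
    """RFC 6979 bits2int: keep the leftmost qlen bits of the byte string."""
    v = int.from_bytes(b, "big")
    blen = len(b) * 8
    return v >> (blen - qlen) if blen > qlen else v


def int2octets(x: int, rolen: int) -> bytes:
    """RFC 6979 int2octets: fixed-width big-endian encoding."""
    return x.to_bytes(rolen, "big")


def bits2octets(b: bytes, q: int) -> bytes:
    """RFC 6979 bits2octets: truncate the hash, reduce once mod q, encode."""
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    z1 = bits2int(b, qlen)
    z2 = z1 - q
    return int2octets(z1 if z2 < 0 else z2, rolen)


def deterministic_nonces(x: int, msg: bytes, q: int = Q):
    """Yield candidate nonces k per RFC 6979 section 3.2.

    Each candidate is a pure function of (x, msg): the same key and message
    always give the same k; a rejected candidate (out of range, or r/s == 0
    in the caller) re-keys the DRBG and yields the next one.
    """
    qlen = q.bit_length()
    rolen = (qlen + 7) // 8
    h1 = HASH(msg).digest()
    seed = int2octets(x, rolen) + bits2octets(h1, q)
    V = b"\x01" * len(h1)
    K = b"\x00" * len(h1)
    K = hmac.new(K, V + b"\x00" + seed, HASH).digest()
    V = hmac.new(K, V, HASH).digest()
    K = hmac.new(K, V + b"\x01" + seed, HASH).digest()
    V = hmac.new(K, V, HASH).digest()
    while True:
        T = b""
        while len(T) * 8 < qlen:
            V = hmac.new(K, V, HASH).digest()
            T += V
        k = bits2int(T, qlen)
        if 1 <= k <= q - 1:
            yield k
        # Reached on rejection or when the caller asks for another candidate.
        K = hmac.new(K, V + b"\x00", HASH).digest()
        V = hmac.new(K, V, HASH).digest()


def msg_to_int(msg: bytes, q: int = Q) -> int:
    """Hash the message and truncate to the bit length of q, as DSA does."""
    return bits2int(HASH(msg).digest(), q.bit_length()) % q


def sign(x: int, msg: bytes):
    """DSA signature (r, s) using a deterministic nonce."""
    z = msg_to_int(msg)
    for k in deterministic_nonces(x, msg):
        r = pow(G, k, P) % Q
        if r == 0:
            continue                      # next candidate k
        s = (pow(k, -1, Q) * (z + x * r)) % Q
        if s == 0:
            continue
        return r, s


def verify(y: int, msg: bytes, sig) -> bool:
    """Standard DSA verification; unchanged by how k was chosen."""
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    z = msg_to_int(msg)
    w = pow(s, -1, Q)
    v = ((pow(G, (z * w) % Q, P) * pow(y, (r * w) % Q, P)) % P) % Q
    return v == r


PRIVATE_KEY = 613                      # constructed toy key
PUBLIC_KEY = pow(G, PRIVATE_KEY, P)    # y = g^x mod p

if __name__ == "__main__":
    m = b"constructed sample message"
    sig1, sig2 = sign(PRIVATE_KEY, m), sign(PRIVATE_KEY, m)
    print("signature:", sig1, "repeatable:", sig1 == sig2)
    print("verifies:", verify(PUBLIC_KEY, m, sig1))
    print("tampered verifies:", verify(PUBLIC_KEY, m + b"!", sig1))
```

Signing the same message twice yields byte-identical signatures, which is the point: the nonce cannot be weak, repeated across messages, or biased by a faulty RNG, because it is never sampled at all. Verification is the ordinary DSA check, so a verifier cannot tell deterministic signatures from randomized ones, which is why the change can be deployed unilaterally by signers.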