[Cryptography] More efficient and just as secure to sign message hash using Ed25519?
Allen
allenpmd at gmail.com
Mon Aug 3 14:40:51 EDT 2015
> If you are really worried about future collisions in SHA-512 you can sign an HMAC instead of a simple hash.
I think for my application I'm going to end up signing a short input that consists of the concatenation of (the 512 bit hash of the message || the length of the message || a few small values that in my application tie the message to its context). In theory, the extra values aren't necessary, but it is a low cost way to harden the algorithm slightly and counter the potential perception that I took a shortcut in implementing the Ed25519 algorithm.
More information about the cryptography
mailing list