2017-08-25 11:14 AM
Hi all,
The signature algorithms (DSA or ECDSA) all require a random number. If this random number can be guessed, the signature becomes weak and the private key can be recovered (cf. the Sony PS3 signature affair).
It seems that this random number cannot be set at signature time (functions RSA_PKCS1v15_Sign or ECDSAsign), and the security in non-hardware-RNG mode likely relies on the pseudo-random generator and on its initialization (as this is usually difficult to get properly done).
It would be a nice improvement to the library to add this capability via an extra argument, as one could use a value like HMAC(message, priv_key), as is done in ED25519 and in some systems. Does anyone have experience with the quality of the signatures in the different modes (hardware and firmware RNG)?
Thanks
Jose
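The two points in the post above, that a guessed or repeated nonce leaks the private key and that deriving the nonce as an HMAC over the private key and the message avoids depending on the RNG at signing time, as an added worked example in Python. This is not code from the thread or from the library being discussed: it is a minimal textbook ECDSA over the public secp256k1 parameters, the private key and messages are constructed for the demo, and the nonce derivation is a simplified HMAC-SHA256(priv_key, message) stand-in rather than the full RFC 6979 procedure.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public, standard values).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

# Constructed demo private key (not a real key).
DEMO_PRIV = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF


def _inv(a, m):
    return pow(a, -1, m)


def _add(p, q):
    """Affine point addition; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p == q:
        lam = (3 * x1 * x1) * _inv(2 * y1, P) % P
    else:
        lam = (y2 - y1) * _inv(x2 - x1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def _mul(k, p):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    r = None
    while k:
        if k & 1:
            r = _add(r, p)
        p = _add(p, p)
        k >>= 1
    return r


def msg_hash(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N


def deterministic_k(priv: int, msg: bytes) -> int:
    """Nonce derived as HMAC(priv_key, message), the idea from the post.
    Simplified stand-in for RFC 6979: one HMAC, reduced into [1, N-1]."""
    mac = hmac.new(priv.to_bytes(32, "big"), msg, hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % (N - 1) + 1


def sign(priv: int, msg: bytes, k: int):
    """Textbook ECDSA with the nonce k supplied by the caller."""
    z = msg_hash(msg)
    r = _mul(k, G)[0] % N
    s = _inv(k, N) * (z + r * priv) % N
    if r == 0 or s == 0:
        raise ValueError("degenerate signature, pick another nonce")
    return (r, s)


def verify(pub, msg: bytes, sig) -> bool:
    r, s = sig
    z = msg_hash(msg)
    w = _inv(s, N)
    pt = _add(_mul(z * w % N, G), _mul(r * w % N, pub))
    return pt is not None and pt[0] % N == r


def recover_priv_from_nonce_reuse(msg1, sig1, msg2, sig2) -> int:
    """Two signatures with the same nonce share r; solve for k, then for d.
    s_i = k^-1 (z_i + r d)  =>  k = (z1 - z2)/(s1 - s2),  d = (s1 k - z1)/r."""
    r1, s1 = sig1
    r2, s2 = sig2
    if r1 != r2:
        raise ValueError("r differs: nonces differ, this attack does not apply")
    z1, z2 = msg_hash(msg1), msg_hash(msg2)
    if (s1 - s2) % N == 0:
        raise ValueError("identical signatures: need two distinct messages")
    k = (z1 - z2) * _inv(s1 - s2, N) % N
    return (s1 * k - z1) * _inv(r1, N) % N


def demo():
    """Returns (recovered key from a reused fixed nonce, deterministic sigs verify)."""
    bad_k = 0xC0FFEE  # stands in for a predictable / repeated RNG output
    sig_a = sign(DEMO_PRIV, b"firmware image A", bad_k)
    sig_b = sign(DEMO_PRIV, b"firmware image B", bad_k)
    recovered = recover_priv_from_nonce_reuse(b"firmware image A", sig_a,
                                              b"firmware image B", sig_b)
    pub = _mul(DEMO_PRIV, G)
    msg = b"firmware image C"
    good_sig = sign(DEMO_PRIV, msg, deterministic_k(DEMO_PRIV, msg))
    return recovered, verify(pub, msg, good_sig)


if __name__ == "__main__":
    print(demo())
```

With a repeated nonce the private key falls out of two signatures with a few modular operations, which is exactly the failure behind the PS3 case the post cites. With the HMAC-derived nonce the same message always yields the same signature and different messages yield different nonces, so no RNG is consulted at signing time; a production implementation would follow RFC 6979 or use a hedged variant that mixes in fresh randomness as well.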
2017-08-25 11:50 AM
I don't understand the lack of source; most of this is entirely lifted from public domain sources, or derivatives thereof.