nhyatt/putty-source
1
0
Fork 0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Code Issues Projects Releases Wiki Activity

Add extra explanatory comment about the DSA k generation.

Browse Source 
[originally from svn r1285]
This commit is contained in:
Simon Tatham 2001-09-22 21:00:16 +00:00
parent d345ebc2a5
commit 8306df80a4
1 changed files with 10 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
sshdss.c
View File

@ -546,9 +546,16 @@ unsigned char *dss_sign(void *key, char *data, int datalen, int *siglen)
* signing the same hash twice with the same key yields the * signing the same hash twice with the same key yields the
* same signature. * same signature.
* *
* (It doesn't, _per se_, protect against reuse of k. Reuse of * Despite this determinism, it's still not predictable to an
* k is left to chance; all it does is prevent _excessively * attacker, because in order to repeat the SHA-512
* high_ chances of reuse of k due to entropy problems.) * construction that created it, the attacker would have to
* know the private key value x - and by assumption he doesn't,
* because if he knew that he wouldn't be attacking k!
*
* (This trick doesn't, _per se_, protect against reuse of k.
* Reuse of k is left to chance; all it does is prevent
* _excessively high_ chances of reuse of k due to entropy
* problems.)
* *
* Thanks to Colin Plumb for the general idea of using x to * Thanks to Colin Plumb for the general idea of using x to
* ensure k is hard to guess, and to the Cambridge University * ensure k is hard to guess, and to the Cambridge University