mirror of https://git.tartarus.org/simon/putty.git synced 2025-07-02 03:52:49 -05:00

Update docs and FAQ for current DSA policy.

I think the deterministic DSA system we've been using for ages can now
be considered proven in use, not to mention the fact that RFC 6979 and
the Ed25519 spec both give variants on the same idea. So I've removed
the 'don't use DSA if you can avoid it' warning.
Simon Tatham
2016-03-27 20:10:56 +01:00
parent 31d48da317
commit c5021a121b
2 changed files with 7 additions and 18 deletions
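The commit message above relies on the idea that a DSA-style signature can derive its per-signature nonce k deterministically from the private key and the message, with RFC 6979 as the standardised form of that idea. The block below is an added example, not PuTTY's code (PuTTY's own deterministic scheme predates RFC 6979 and differs in detail, and its Ed25519 path follows the Ed25519 spec instead): a stdlib-only Python implementation of RFC 6979 section 3.2 nonce generation driving ECDSA over NIST P-256 with SHA-256. The private key and the expected k, r and s are the test vector from RFC 6979 Appendix A.2.5 for the message "sample"; the curve arithmetic is a minimal, non-constant-time illustration and the function names are this example's own.

```python
"""RFC 6979 deterministic ECDSA over P-256, stdlib only (added example)."""
import hashlib
import hmac

# NIST P-256 domain parameters (public constants).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)
QLEN = 256   # bit length of N (RFC 6979 "qlen")
ROLEN = 32   # byte length of N (RFC 6979 "rolen")

# Private key from RFC 6979 Appendix A.2.5 (test data, not a real secret).
TEST_PRIV = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721


def point_add(p1, p2):
    """Affine point addition on P-256; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            return None
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P


def scalar_mult(k, point):
    """Double-and-add scalar multiplication (not constant-time; demo only)."""
    result, addend = None, point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def public_key(priv):
    return scalar_mult(priv, G)


def bits2int(b):
    """RFC 6979 2.3.2: the leftmost qlen bits of a byte string, as an integer."""
    excess = len(b) * 8 - QLEN
    v = int.from_bytes(b, "big")
    return v >> excess if excess > 0 else v


def int2octets(x):
    return x.to_bytes(ROLEN, "big")


def bits2octets(b):
    return int2octets(bits2int(b) % N)


def rfc6979_nonces(priv, h1):
    """RFC 6979 3.2 steps b-h: successive k candidates from HMAC_DRBG seeded
    with the private key and the message hash. The caller takes the first
    candidate that gives a valid signature; on rejection the generator
    continues with step h.3, exactly as the RFC prescribes."""
    V = b"\x01" * 32
    K = b"\x00" * 32
    seed = int2octets(priv) + bits2octets(h1)
    K = hmac.new(K, V + b"\x00" + seed, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    K = hmac.new(K, V + b"\x01" + seed, hashlib.sha256).digest()
    V = hmac.new(K, V, hashlib.sha256).digest()
    while True:
        T = b""
        while len(T) < ROLEN:
            V = hmac.new(K, V, hashlib.sha256).digest()
            T += V
        k = bits2int(T)
        if 1 <= k < N:
            yield k
        K = hmac.new(K, V + b"\x00", hashlib.sha256).digest()
        V = hmac.new(K, V, hashlib.sha256).digest()


def rfc6979_nonce(priv, msg):
    """First RFC 6979 nonce for SHA-256(msg); no RNG is consulted anywhere."""
    return next(rfc6979_nonces(priv, hashlib.sha256(msg).digest()))


def sign(priv, msg):
    """Deterministic ECDSA-SHA256: the same key and message always give the same (r, s)."""
    h1 = hashlib.sha256(msg).digest()
    e = bits2int(h1)
    for k in rfc6979_nonces(priv, h1):
        r = scalar_mult(k, G)[0] % N
        if r == 0:
            continue
        s = pow(k, -1, N) * (e + r * priv) % N
        if s == 0:
            continue
        return r, s


def verify(pub, msg, sig):
    r, s = sig
    if not (1 <= r < N and 1 <= s < N):
        return False
    e = bits2int(hashlib.sha256(msg).digest())
    w = pow(s, -1, N)
    pt = point_add(scalar_mult(e * w % N, G), scalar_mult(r * w % N, pub))
    return pt is not None and pt[0] % N == r


if __name__ == "__main__":
    sig = sign(TEST_PRIV, b"sample")
    print("r =", hex(sig[0]))
    print("s =", hex(sig[1]))
    print("verifies:", verify(public_key(TEST_PRIV), b"sample", sig))
```

Because k is a function of the key and the message only, signing the same message twice yields byte-identical signatures, and two different messages can never share a k, which is the property that removes the "bad random numbers leak the key" failure mode the FAQ text is concerned with. The generator form matters: if a candidate k gives r = 0 or s = 0, the RFC says to continue the HMAC_DRBG stream rather than restart it, which is what `rfc6979_nonces` does.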


@ -1110,8 +1110,13 @@ The PuTTY policy changed because the developers were informed of
ways to implement DSA which do not suffer nearly as badly from this
weakness, and indeed which don't need to rely on random numbers at
all. For this reason we now believe PuTTY's DSA implementation is
probably OK. However, if you have the choice, we still recommend you
use RSA instead.
probably OK.
The recently added elliptic-curve signature methods are also DSA-style
algorithms, so they have this same weakness in principle. Our ECDSA
implementation uses the same defence as DSA, while our Ed25519
implementation uses the similar system (but different in details) that
the Ed25519 spec mandates.
\S{faq-virtuallock}{Question} Couldn't Pageant use
\cw{VirtualLock()} to stop private keys being written to disk?
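Review bot: the added paragraph says "Our ECDSA implementation uses the same defence as DSA" but never names that defence; the only description the surrounding text gives is "ways to implement DSA which do not suffer nearly as badly from this weakness, and indeed which don't need to rely on random numbers at all", so a reader cannot tell this means deriving the per-signature nonce deterministically from the key and message. Suggest stating it, and citing RFC 6979 as the commit message already does, e.g. "derives the per-signature nonce deterministically from the private key and the message hash, in the manner of RFC 6979". The clause "uses the similar system (but different in details) that the Ed25519 spec mandates" also reads awkwardly; "uses the similar, though not identical, scheme that the Ed25519 spec mandates" is cleaner.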