On 26/11/14 20:31, NdK wrote:
> Well, IIUC with rhash you're giving the attacker another means to tamper
> with your message. Unless 'r' is chosen deterministically.
'r' is randomly generated for each signature by the /signing/ party. So the
attacker loses control over the input to the hashing algorithm, and they can
no longer use collision attacks because they don't know the exact input to the
hashing algorithm.

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
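The argument in Peter's reply, shown as an added example that is not from the thread or from GnuPG: an attacker who controls both hash inputs finds a colliding benign/malicious pair, gets the benign one signed, and replays the signature on the malicious one. When the signer prepends a random r chosen after the pair was fixed, the pair no longer collides. To make the collision findable offline the hash is deliberately truncated to 24 bits, and HMAC-SHA256 under a secret key stands in for the public-key signature; the messages and counter suffixes are constructed inputs. All of those are assumptions of the example.

```python
"""Added example (not from the original thread): why a per-signature random
prefix defeats hash-collision forgeries.

Assumptions, none of which come from the list post:
- the hash is deliberately weakened (SHA-256 truncated to 24 bits) so that a
  collision can be found in a few thousand tries;
- HMAC-SHA256 under a secret key stands in for the public-key signature; the
  argument only concerns what goes into the hash, not the signature algorithm;
- the messages and the 4-byte counter suffixes are constructed inputs.
"""
import hashlib
import hmac
import secrets

DIGEST_BYTES = 3  # toy: 24-bit hash, birthday bound is about 2**12 tries


def weak_hash(data: bytes) -> bytes:
    """Constructed weak hash: SHA-256 truncated to 24 bits."""
    return hashlib.sha256(data).digest()[:DIGEST_BYTES]


def find_collision(benign: bytes, malicious: bytes, tries: int = 1 << 16):
    """Attacker's step: pick suffixes so weak_hash(benign+sa) == weak_hash(malicious+sb).

    The attacker controls both hash inputs completely, which is exactly what a
    collision attack needs. Returns (benign_variant, malicious_variant) or None.
    """
    seen = {}
    for i in range(tries):
        a = benign + i.to_bytes(4, "big")
        seen[weak_hash(a)] = a
    for i in range(tries):
        b = malicious + i.to_bytes(4, "big")
        a = seen.get(weak_hash(b))
        if a is not None:
            return a, b
    return None


# --- Scheme 1: sign the hash of the message exactly as the requester supplies it

def sign_plain(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, weak_hash(msg), "sha256").digest()


def verify_plain(key: bytes, msg: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign_plain(key, msg), sig)


# --- Scheme 2: the signer prepends a fresh random r before hashing

def sign_randomized(key: bytes, msg: bytes):
    r = secrets.token_bytes(16)  # chosen by the signer, fresh per signature
    sig = hmac.new(key, weak_hash(r + msg), "sha256").digest()
    return r, sig                # r is published alongside the signature


def verify_randomized(key: bytes, msg: bytes, r: bytes, sig: bytes) -> bool:
    expected = hmac.new(key, weak_hash(r + msg), "sha256").digest()
    return hmac.compare_digest(expected, sig)


def run_forgery(randomized: bool) -> bool:
    """Attacker gets the benign variant signed, then presents the malicious one.

    Returns True if the signature verifies on the malicious message (forgery
    succeeded) and False otherwise.
    """
    key = secrets.token_bytes(32)
    pair = find_collision(b"Pay NdK 10 EUR. ref=", b"Pay NdK 10000 EUR. ref=")
    assert pair is not None, "collision search exhausted its budget"
    benign, malicious = pair
    if not randomized:
        sig = sign_plain(key, benign)
        return verify_plain(key, malicious, sig)
    # The signer picks r after the attacker fixed the colliding pair, so
    # weak_hash(r + benign) == weak_hash(r + malicious) holds only by chance (2**-24).
    r, sig = sign_randomized(key, benign)
    return verify_randomized(key, malicious, r, sig)


if __name__ == "__main__":
    print("plain hash, forgery succeeds:", run_forgery(randomized=False))
    print("randomized hash, forgery succeeds:", run_forgery(randomized=True))
```

Note the caveat the example makes visible: randomization helps only because r is chosen by the signer after the attacker has committed to the colliding pair. A deterministic or attacker-predictable r puts the whole hash input back under the attacker's control, which is NdK's objection, and randomization does nothing against a second-preimage attack on the hash itself.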