u want to protect 'r' from modification, there are basically two ways to
do it. You can include 'r' in the hashed data, or in the signature.
I'll outline what an OpenPGP message might look like[2] with randomized hashing,
with a symbol prepended to each line that indicat
On Thursday 27 November 2014 17:10:08 NdK wrote:
> Il 27/11/2014 11:28, Peter Lebbing ha scritto:
>
> [Resending to list]
>
> > Perhaps I should add that it takes real research and formal proof to show
> > that this randomized hashing doesn't add attack vectors, and
A-512.
That's one of the reasons I like the cards that do the last hash round more.
Maybe it's just a performance issue?
I suppose also simplicity, verifiability, implementation cost...
Probably.
The rest seems unrelated to randomized hashing except for what I already
mentioned
Il 27/11/2014 11:28, Peter Lebbing ha scritto:
[Resending to list]
> Perhaps I should add that it takes real research and formal proof to show that
> this randomized hashing doesn't add attack vectors, and I have been glossing
> over that. But that is because at a glance it l
w smartcard. Furthermore, the size of
'r' might pose a problem; it's a significant addition to the data structure that
is signed.
> Maybe it's just a performance issue?
I suppose also simplicity, verifiability, implementation cost...
The rest seems unrelated to randomized hashing
Perhaps I should add that it takes real research and formal proof to show that
this randomized hashing doesn't add attack vectors, and I have been glossing
over that. But that is because at a glance it looks like such research has been
done. That doesn't mean it's a fact th
