I wrote: >So the immediate application of this observation is to make any 64-bit value >comply with the ASN.1 encoding rules: If the first bit is 1 (so the sign bit >is set), swap it with any convenient zero bit elsewhere in the value. >Similarly, if the first 9 bits are zero, swap one of them with a one bit from >somewhere else. Fully compliant with BR 7.1, and now also fully compliant >with ASN.1 DER.
Oops, need to clarify that: Note the specific use of "swap one of them". You can't just drop in a zero bit you made up yourself, you have to use one of the original zero bits that came from the CSPRNG or you won't be compliant with BR 7.1 any more. So you need to swap in a genuine zero bit from elsewhere in the value, not just replace it with your own made-up zero bit. Peter. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
