On 10/11/14 17:31, Werner Koch wrote:
> Which is used in 2.1:

That's great to hear, just like it is in general pretty great you got to release a major new version! Congratulations!

After browsing a bit in the source, I conclude that RFC 6979 is used for both classic DSA and ECDSA; something not immediately apparent from the commit message when you don't know the code.

After reading parts of the Ed25519 specification[1], given the way they formulate it there, I was left with the impression that ECDSA is necessarily bound to real randomness. I completely forgot that RFC 6979 is cleverly designed to be a drop-in replacement with no changes needed on the receiving side.

With Pete Stephenson also rightly calling out my wrong statement on the Brainpool curves, I've come to regret my too hastily written reply. I should have checked my statements. I already had enough doubt to qualify my statement with "and (I believe also) Brainpool". There is enough FUD out there without me adding to that :(.

But I'm glad people were quick to point out my factual errors. Thanks!

Peter.

[1] Bernstein, D., Duif, N., Lange, T., Schwabe, P., and B. Yang, "High-speed high-security signatures", Journal of Cryptographic Engineering Volume 2, Issue 2, pp. 77-89, September 2011, <http://dx.doi.org/10.1007/s13389-012-0027-1>.

PS: Is there a better way to say "classic DSA"? What about "ElGamal-style DSA"?

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users