On 27/11/14 06:55, NdK wrote:
1) who guarantees that the 'r' seen by the receiving party is the same
generated by the signer? Since it's usually trivially combined with
source text, I feel it's a huge attack vector
The purpose of the signature is to ascertain that the OpenPGP message has not
Perhaps I should add that it takes real research and formal proof to show that
this randomized hashing doesn't add attack vectors, and I have been glossing
over that. But that is because at a glance it looks like such research has been
done. That doesn't mean it's a fact that there are no
(By the way, how did the topic
- gpg.conf: settings for security and compatibility
ever get confused with the topic
- Setpref is not working or is it a bug or something?
because this definitely is the former but is called the latter. Also, @g, as you
apparently call yourself, you seem to start a
On 26/11/2014 20:39, Peter Lebbing wrote:
On 26/11/14 20:31, NdK wrote:
Well, IIUC with rhash you're giving the attacker another means to tamper
with your message. Unless 'r' is chosen deterministically.
'r' is randomly generated for each signature by the /signing/ party. So the
attacker