Adding a nonce before hashing as covert channel
Werner Koch
wk at gnupg.org
Mon Dec 16 13:54:40 CET 2024
On Fri, 13 Dec 2024 12:43, andrewg said:
> would equally be possible to create a collision in an unsalted
> signature by manipulating the first N bits of the message. But while
But these first N bits of the message may allow detecting a
modification. A non-deterministic salt allows hiding the modification.

I do not have a problem with a _deterministic_ salt but I do have one with
adding a new covert channel. And of course with the stupid way in which
this was added to the specs. Extra data belongs in a signature
subpacket and if you really want it at the beginning of the subpacket area,
well, specify it this way.

The whole point here is to willy-nilly make it impossible to support the
new signing packet.
Shalom-Salam,
Werner
--
The pioneers of a warless world are the youth that
refuse military service. - A. Einstein