Commit 23b9568f authored by Adam Langley, committed by Alex Klyubin

Add option to harden (EC)DSA nonces against weak RNGs.

Private key information is leaked by (EC)DSA signatures when nonces
are produced by a weak RNG. This CL adds an option (disabled by
default) to mix in the private key and the hash of the message into the
nonces produced by the RNG for (EC)DSA signatures. This mitigates the
weakness, provided the private key was generated by a strong RNG.

Change-Id: I60dbf57bff3cfcdcbbeb18be5d9dfba523cc6bb8
parent 88e96012
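
An added example, not code from this commit (the diff is not shown on this page): it contrasts a nonce taken straight from a stuck RNG with one that also mixes in the private key and message hash, as the commit message describes. The SHA-512 layout, the P-256 order, the constant `weak_rng` and all function names are assumptions made for illustration.

```python
import hashlib

# Group order n of NIST P-256 (public parameter); the curve choice is an assumption.
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def weak_rng(nbytes):
    """Constructed stand-in for a broken RNG: always returns the same bytes."""
    return b"\x42" * nbytes

def plain_nonce(rng, n=P256_N):
    """Unhardened nonce: a function of RNG output only."""
    size = (n.bit_length() + 7) // 8
    # 64 extra bits keep the modular reduction bias negligible.
    return int.from_bytes(rng(size + 8), "big") % (n - 1) + 1

def hardened_nonce(priv, digest, rng, n=P256_N):
    """Nonce from SHA-512(counter || private key || message digest || RNG output).

    Hypothetical layout: the hash function and field order are assumptions.
    """
    size = (n.bit_length() + 7) // 8
    priv_bytes = priv.to_bytes(size, "big")
    seed = rng(64)  # RNG output is still mixed in when it is good
    out, counter = b"", 0
    while len(out) < size + 8:  # more than one block for curves above 448 bits
        out += hashlib.sha512(bytes([counter]) + priv_bytes + digest + seed).digest()
        counter += 1
    return int.from_bytes(out[:size + 8], "big") % (n - 1) + 1

# Constructed sample inputs. The private key is assumed to come from a strong
# RNG, which is the precondition the commit message states.
PRIV = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % (P256_N - 1) + 1
D1 = hashlib.sha256(b"message one").digest()
D2 = hashlib.sha256(b"message two").digest()

if __name__ == "__main__":
    print("plain nonces repeat:   ", plain_nonce(weak_rng) == plain_nonce(weak_rng))
    k1 = hardened_nonce(PRIV, D1, weak_rng)
    k2 = hardened_nonce(PRIV, D2, weak_rng)
    print("hardened nonces differ:", k1 != k2)
```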