Whoops, @Yubico just scored 31% on the Sony PS3 Epic Fail scale. Collect three signatures from a FIPS Yubikey and you can calculate the private key. https://www.yubico.com/support/security-advisories/ysa-2019-02/
Bitcoin uses a curve that doesn't have inherently deterministic signatures, but it's still possible to make them deterministically. High quality wallets use that scheme.
Hmm, if any standard is preventing use of deterministic signatures (not due to back compat), it's a shit, definitely.
Welcome to government standards.
Wouldn't it be possible to implement deterministic nonce generation, but XOR those bits with what should have been random bits for the FIPS version? That way, even *if* FIPS nonce randomness fails, you'd still be safe because the private key was used to key the MAC for nonce gen.
I had the same idea but concluded that if they are stupid enough to ban good security practices, they're probably stupid enough to ban practices that get around those bans.