[OTR-dev] DSA, RSA, ECDSA, etc

Gregory Maxwell gmaxwell at gmail.com
Mon Sep 24 16:48:05 EDT 2012

On Mon, Sep 24, 2012 at 4:06 PM, Jacob Appelbaum <jacob at appelbaum.net> wrote:
> r? Not k? What happens if k repeats?

Just a difference in variable names owing to the different algorithmic origins.
(I even wrote K at first and worried some pedant would complain).

It has the same underlying issues about reuse. The signature is a pure
function of  the message and the private key material (privkey and the
secret) in this scheme.

It may be more prudent to just use ed25519 rather than apply its
technique for this issue— although you could— simply because the
ed25519 construct has had review as a whole.

More information about the OTR-dev mailing list