IETF-SSH archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: Curve25519/448 key agreement for SSH
Simon Josefsson <simon%josefsson.org@localhost> writes:
> A simple approach would be to say that if the MSB is 1, prepend a zero
> byte. However, the length difference would leak that information.
Note that it's also possible to use some slightly different mapping than
for mpints. Like it's been done in the dsa signature blob since ages;
there the integers are always coded as 20-byte values, no sign bit, and
no normalization if some value happens to get a zero high byte.
I'm not sure I like that departure from mpint, but I'd like to point out
that it's a possibilty and it's been done before.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
Home |
Main Index |
Thread Index |
Old Index