You are viewing a single comment's thread from:
RE: Why does steem use this canonical thing instead of strict secp256k1?
If you really need sonething canonical you can try the rfc-compliant k and if the sig fail to be canonical .. you can increment k by one until you sig is canonical. Easy as that.
@xeroc
Your word carries a lot of weight with me, so please put it to me squarely:
Do you think this poses a threat to security?
How about usability?
Isn't it something that can be simplified a great deal?
If I'm off-base here, tell me so.
Just give up the FUDing already, we've explained why you had this issue. There is no security issue here, in fact it's a non issue that you're attempting to make a big deal out of.
If you weren't trying to FUD you would've just asked someone like xeroc who knows how this works and he would've explained it in 1 minute.
In fact, these more strict requirements make the system more secure.
You can realize that when you think about it from the information theoretical point of view. The requirement for
randseach being of length 32 means that the signature has to have a length of64(+1 for the pubkey recovery parameter). This requirement makes it impossible to leak information of the private key into the signature, no matter what you do.As for not being deterministic, there actually is no requirement for it whatsoever. All that RFC6979 results in is a random k which is needed to prevent an easy derivation of
kfrom two signatures (if the same k is used twice). This can be done by using RFC6979, or just some random timestamp. Being able to deterministically derivekhas no other impact than making sure thatkisn't reused. And for that reason, graphene (as well as most clients) implement RFC6979 and then permute thekif necessary.@svk
Attitudes like that are a threat to security here. Hell, it's why I stopped using the site. Why is there this extreme anti-progress undercurrent around here?
Hey xeroc, regarding to Piston, is this still available?
There is a 'Lost connection to node' error message.