Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/ed25519: doc of Sign should warn not to prehash messages #36761

Open
bigmikes opened this issue Jan 25, 2020 · 1 comment
Open

crypto/ed25519: doc of Sign should warn not to prehash messages #36761

bigmikes opened this issue Jan 25, 2020 · 1 comment

Comments

@bigmikes
Copy link
Contributor

@bigmikes bigmikes commented Jan 25, 2020

Typically, digital signature schemas require the user to first hash the payload and then sign it. Correct me if I am wrong, but this should be true for RSA, DSA and ECDSA.

If my understanding is right, ED25519 seems to be different: it already hashes the message in a way that the collision resistant property is guaranteed even when it becomes feasible to find a collision for SHA512. Thus, prehashing the input messages basically nullifies this collision resistant property of ED25519 itself. In fact, if a possible attacker can efficiently find a collision for the prehashed message, they would be able to carry out a forgery attack.

Also, according to RFC8032 section 8.7 , it would be better to mention to avoid signing large messages.

/cc @FiloSottile @katiehockman

@FiloSottile FiloSottile added this to the Backlog milestone Jan 25, 2020
@gopherbot
Copy link

@gopherbot gopherbot commented Jan 26, 2020

Change https://golang.org/cl/216458 mentions this issue: crypto/ed25519: clarify doc of Sign and added package example

@cagedmantis cagedmantis added the NeedsFix label Feb 3, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants
You can’t perform that action at this time.