
    Really high-quality cryptography engineering post from Trail of Bits. ToB seems like a fantastic company. TL;DR use Ed25519 if you can, and prefer EdDSA over ECDSA.

      after reading this blog post you will be able to leverage a lattice attack to break ECDSA signatures produced with a very slightly faulty RNG using less than 100 lines of Python code

      Damn, I hope my Yubikey’s RNG isn’t “very slightly faulty”…

      (upd)

      You may have heard of a recent bug in the randomness generated in Yubikeys. Essentially, bad randomness caused as many as 80 bits of the nonce to be fixed to the same value.

      haha whoops

      (but thankfully this is only about “YubiKey FIPS Series”)
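
The failure the thread quotes, a run of nonce bits that never changes between signatures, is the kind of defect a defender can catch in the lab by auditing a generator's raw output before it ever signs anything. The following is an added example, not code from the Trail of Bits post or from Yubico: the `faulty_nonce` generator is constructed to mimic the described bug (80 fixed bits), and `stuck_bit_positions` flags any bit that is constant across all samples.

```python
"""Stuck-bit audit for a nonce generator (constructed example)."""
import secrets

NONCE_BITS = 256   # nonce width for a 256-bit curve such as P-256
STUCK_BITS = 80    # constructed: mirrors the "as many as 80 bits" figure in the thread


def faulty_nonce() -> int:
    """Constructed faulty RNG: the top STUCK_BITS bits are always zero."""
    return secrets.randbits(NONCE_BITS - STUCK_BITS)


def good_nonce() -> int:
    """Healthy reference: every bit is drawn from the OS CSPRNG."""
    return secrets.randbits(NONCE_BITS)


def stuck_bit_positions(samples, width=NONCE_BITS):
    """Return the bit positions that are identical in every sample.

    A bit is stuck at 1 if the AND of all samples has it set, and stuck
    at 0 if the OR of all samples has it clear. For n independent uniform
    samples a healthy bit is constant with probability 2**(1-n), so with
    64 samples a false positive on any of 256 bits is roughly 1 in 10**16.
    """
    and_acc = (1 << width) - 1
    or_acc = 0
    for s in samples:
        and_acc &= s
        or_acc |= s
    return [i for i in range(width)
            if (and_acc >> i) & 1 or not (or_acc >> i) & 1]


def audit(generator, n=64, width=NONCE_BITS):
    """Draw n nonces and report stuck bits plus the remaining effective width."""
    stuck = stuck_bit_positions([generator() for _ in range(n)], width)
    return {"stuck_bits": stuck, "effective_bits": width - len(stuck)}


if __name__ == "__main__":
    for name, gen in (("faulty", faulty_nonce), ("good", good_nonce)):
        report = audit(gen)
        print(f"{name}: {len(report['stuck_bits'])} stuck bits, "
              f"{report['effective_bits']} effective bits")
```

A generator that passes this check can still be biased in subtler ways (correlated or low-entropy bits that are not strictly constant), which is why the thread's advice to use deterministic nonces or Ed25519 removes the dependency on the RNG at signing time altogether.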