[dns-operations] EdDSA status ?

Daniel Stirnimann daniel.stirnimann at switch.ch
Mon Jun 4 14:02:33 UTC 2018


> The nonce is not required if you are doing deterministic ECDSA and, 
> as pointed out earlier on this thread, using non-deterministic ECDSA is 
> dangerous unless you are really sure of your source of randomness.

I'm not aware of any open source crypto library which provides
deterministic ECDSA, but OpenSSL 1.1.0 uses this trick
https://github.com/openssl/openssl/blob/OpenSSL_1_1_0-stable/crypto/bn/bn_rand.c#L195
for the nonce to protect from RNG failures.

Daniel
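
Added example, not part of the original message and not OpenSSL's code: a sketch of the general idea the message refers to, where the private key and message digest are hashed together with RNG output so that an RNG failure does not repeat a nonce across different messages. The SHA-512 expansion, the function names, the stuck RNG and the sample key are assumptions constructed for this illustration.

```python
import hashlib

# Order of the NIST P-256 group (public curve constant).
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

def naive_nonce(rng, order=N):
    """Nonce taken straight from the RNG: repeats whenever the RNG repeats."""
    return int.from_bytes(rng(32), "big") % (order - 1) + 1

def hedged_nonce(priv, digest, rng, order=N):
    """Derive k from private key, message digest and RNG output together.

    With a failed RNG, k still depends on (priv, digest), so different
    messages get different nonces; with a working RNG, k is also randomized.
    """
    qlen = (order.bit_length() + 7) // 8
    priv_bytes = priv.to_bytes(qlen, "big")
    counter = 0
    while True:
        rand = rng(64)
        out, block = b"", 0
        # Expand to qlen + 8 bytes so reduction mod order has negligible bias.
        while len(out) < qlen + 8:
            h = hashlib.sha512()
            h.update(bytes([counter, block]))
            h.update(priv_bytes)
            h.update(digest)
            h.update(rand)
            out += h.digest()
            block += 1
        k = int.from_bytes(out[:qlen + 8], "big") % order
        if k != 0:
            return k
        counter += 1  # retry on the (practically unreachable) zero result

def stuck_rng(n):
    """Constructed failure case: an RNG that always returns zero bytes."""
    return bytes(n)

PRIV = 0x1F2E3D4C5B6A79880123456789ABCDEF  # constructed sample key
D1 = hashlib.sha256(b"example.org. A 192.0.2.1").digest()  # constructed data
D2 = hashlib.sha256(b"example.org. A 192.0.2.2").digest()

def demo():
    """Return (naive nonces repeat?, hedged nonces repeat?) under stuck_rng."""
    naive = naive_nonce(stuck_rng) == naive_nonce(stuck_rng)
    hedged = hedged_nonce(PRIV, D1, stuck_rng) == hedged_nonce(PRIV, D2, stuck_rng)
    return naive, hedged
```

With the stuck RNG the same message still maps to the same nonce, which matches the behaviour of deterministic ECDSA rather than leaking anything.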


