Leo Wandersleb on Nostr: No. The leak happens on the signing part and the passphrase only changes the signing ...
No. The leak happens on the signing part and the passphrase only changes the signing key you use.
The problem is that signing requires a random number and if that number is not perfectly random, a party that knows about the bias can learn about the private key that was used. If the attacker knows the full "random number" it can extract the private key from just two signatures.
Published at
2024-08-06 14:12:47Event JSON
{
"id": "3ffdaae8094065efe3344c1d494bb629f1bf042fefa79bc642298ef84dd6d8f9",
"pubkey": "46fcbe3065eaf1ae7811465924e48923363ff3f526bd6f73d7c184b16bd8ce4d",
"created_at": 1722953567,
"kind": 1,
"tags": [
[
"e",
"d7aa7483934981a890a77a3fede63cf3742b7d883ae18456890a5cafdc4163e8",
"",
"root"
],
[
"e",
"e82f859e0fb2559360541648c3008a3ab9683429022e8177e34c3d1a486d0a3a",
"",
"reply"
],
[
"p",
"74666952c404cf6063ff7bd6236462c3a87b6be3dfbc1099534443743062bc1f",
"",
"mention"
],
[
"p",
"3d2e51508699f98f0f2bdbe7a45b673c687fe6420f466dc296d90b908d51d594",
"",
"mention"
]
],
"content": "No. The leak happens on the signing part and the passphrase only changes the signing key you use.\n\nThe problem is that signing requires a random number and if that number is not perfectly random, a party that knows about the bias can learn about the private key that was used. If the attacker knows the full \"random number\" it can extract the private key from just two signatures.",
"sig": "37a792478495d8761fed686fc91e38a8cc108a6acb28b1377010b9d24be0d0bd11ae07983d79898d6129b66c9e48252ca3689f4e8eda2a2fbb394192f512f987"
}
