[Botan-devel] DSA signature verification always returns false

Z. S. O. tiredashell at gmail.com
Fri Apr 17 23:22:02 EDT 2009


While we're still on the topic, I was wondering: does Botan have a standard
way to generate pseudo-random session tokens for data that I digitally sign?
>From what I understand, the only way to avoid a replay attack is to use
sign(data+token) instead of sign(data). I could always generate my own
random token, but I don't like to invent my own standards if I can help it.
Besides, I'm not sure how big the token has to be for it to be considered
"secure."

On Thu, Apr 16, 2009 at 10:17 PM, Jack Lloyd <lloyd at randombit.net> wrote:

>
> On Thu, Apr 16, 2009 at 09:40:27PM -0400, Z. S. O. wrote:
> > When I tried that, my compiler complained that Botan::byte has no member
> > called length. After you mentioned it, though, I realized I could just
> them
> > to strings and used the length function from there so it works well,
> thanks
> > again.
>
> Erp. I should have written .size(), not .length()
>
> Clearly my mind is going. :(
>
> You are correct that if the message is already in a std::string there
> is no reason to copy it to a botan *Vector object.
>
> -Jack
> _______________________________________________
> botan-devel mailing list
> botan-devel at randombit.net
> http://lists.randombit.net/mailman/listinfo/botan-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20090417/6a13407a/attachment.html>


More information about the botan-devel mailing list