diff options
| author | Adam Langley <agl@golang.org> | 2016-09-30 14:48:11 -0700 |
|---|---|---|
| committer | Adam Langley <agl@golang.org> | 2016-10-02 19:38:37 +0000 |
| commit | 998419575fb34dd5228cfdb353a73184e29db8da (patch) | |
| tree | fc63cda20ecccb1c791d4b50bb52fdc19a0fd395 /src/crypto/ecdsa/ecdsa.go | |
| parent | 49aa1d791be26de71ba7ed02d6c6cd1dd0092b71 (diff) | |
| download | go-998419575fb34dd5228cfdb353a73184e29db8da.tar.gz go-998419575fb34dd5228cfdb353a73184e29db8da.zip | |
crypto/ecdsa: correct code comment.
The code comment mixed up max and min. In this case, min is correct
because this entropy is only used to make the signature scheme
probabilistic. (I.e. if it were fixed then the scheme would still be
secure except that key.Sign(foo) would always give the same result for a
fixed key and foo.)
For this purpose, 256-bits is plenty.
Fixes #16819.
Change-Id: I309bb312b775cf0c4b7463c980ba4b19ad412c36
Reviewed-on: https://go-review.googlesource.com/30153
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Diffstat (limited to 'src/crypto/ecdsa/ecdsa.go')
| -rw-r--r-- | src/crypto/ecdsa/ecdsa.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/crypto/ecdsa/ecdsa.go b/src/crypto/ecdsa/ecdsa.go index 72fb49934f..02848fd595 100644 --- a/src/crypto/ecdsa/ecdsa.go +++ b/src/crypto/ecdsa/ecdsa.go @@ -149,7 +149,7 @@ var errZeroParam = errors.New("zero parameter") // returns the signature as a pair of integers. The security of the private key // depends on the entropy of rand. func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error) { - // Get max(log2(q) / 2, 256) bits of entropy from rand. + // Get min(log2(q) / 2, 256) bits of entropy from rand. entropylen := (priv.Curve.Params().BitSize + 7) / 16 if entropylen > 32 { entropylen = 32 |