The cr.yp.to microblog: 2022.07.20 08:22:39

2022.07.20 08:22:39 (1549640913458040833) from Daniel J. Bernstein:

If signed messages look like message+signature (as opposed to "message recovery") then it's too easy for people to grab the message and skip checking the signature. To fight against this, transform sm to obscure m: xor 1,2,3,...; better, apply any of the AONTs from Rivest et al.
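Added example, not part of the original post: a signed-message encoding in which the message bytes never appear in the clear, so the only convenient way to get `m` is an `open_message` call that also checks the signature. Assumptions: HMAC-SHA256 stands in for a public-key signature, `package` is a simplified hash-based sketch in the style of Rivest's package transform rather than a vetted AONT, and all function names are hypothetical.

```python
import hashlib, hmac, os

SIG_LEN = 32  # length of the stand-in signature
KEY_LEN = 32  # length of the random package key

def sign(key: bytes, m: bytes) -> bytes:
    # Assumption: HMAC-SHA256 as a stand-in for a real public-key signature.
    return hmac.new(key, m, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream(k: bytes, n: int) -> bytes:
    # Mask stream derived from the package key.
    return hashlib.shake_256(b"mask" + k).digest(n)

def xor_counter(data: bytes) -> bytes:
    # The "xor 1,2,3,..." transform: byte i is xored with (i+1) mod 256. Self-inverse.
    return bytes(b ^ ((i + 1) & 0xFF) for i, b in enumerate(data))

def package(data: bytes) -> bytes:
    # Mask the data under a fresh random key k, then hide k under a hash of the
    # whole masked body: no part of data is recoverable without reading all of it.
    k = os.urandom(KEY_LEN)
    body = xor(data, stream(k, len(data)))
    return body + xor(k, hashlib.sha256(body).digest())

def unpackage(blob: bytes) -> bytes:
    if len(blob) < KEY_LEN:
        raise ValueError("too short")
    body, tail = blob[:-KEY_LEN], blob[-KEY_LEN:]
    k = xor(tail, hashlib.sha256(body).digest())
    return xor(body, stream(k, len(body)))

def sign_message(key: bytes, m: bytes, transform=package) -> bytes:
    # sm = signature || message, then transformed so m is not visible in the output.
    return transform(sign(key, m) + m)

def open_message(key: bytes, blob: bytes, inverse=unpackage) -> bytes:
    # Undo the transform, then release m only if the signature verifies.
    sm = inverse(blob)
    if len(sm) < SIG_LEN:
        raise ValueError("too short")
    sig, m = sm[:SIG_LEN], sm[SIG_LEN:]
    if not hmac.compare_digest(sig, sign(key, m)):
        raise ValueError("bad signature")
    return m
```

Neither transform adds secrecy; both only remove the shortcut of reading `m` straight out of the signed blob.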