Post by Soatok Dreamseeker

Cuddly Lynx "If an attacker can arbitrarily substitute public keys in chosen plaintexts, the Ed25519 signature doesn’t really prove anything beyond “this wasn’t tampered with in-transit”." isn't this not even proving that it wasn't tampered with, just that it wasn't non-maliciously corrupted?
Voiceless Anglerfish Yeah it's weaker than HMAC because you can just swap the public key with whatever one you want, and then you can generate an Ed25519 signature for which that signature is valid.
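To make the point of the thread concrete, here is an added example (not code from either poster) in Go using only the standard library. A "self-describing" envelope carries the signer's public key alongside the payload and signature; a naive verifier uses the embedded key, a pinned verifier insists on a key it already trusts, and an HMAC with a shared secret is shown for comparison. The envelope format, the names Alice and Mallory, and the payload strings are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Envelope is a constructed "self-describing" signed message: the signer's
// public key travels inside it, and a naive receiver uses that key to verify.
type Envelope struct {
	PublicKey ed25519.PublicKey
	Payload   []byte
	Signature []byte
}

// Seal signs payload and packs it together with the signer's own public key.
func Seal(priv ed25519.PrivateKey, payload []byte) Envelope {
	return Envelope{
		PublicKey: priv.Public().(ed25519.PublicKey),
		Payload:   payload,
		Signature: ed25519.Sign(priv, payload),
	}
}

// VerifyNaive trusts whatever key arrived in the envelope. It proves only
// that Payload and Signature belong together (no accidental corruption),
// not who produced them: an attacker can replace all three fields at once.
func VerifyNaive(e Envelope) bool {
	return ed25519.Verify(e.PublicKey, e.Payload, e.Signature)
}

// VerifyPinned accepts the envelope only if its key is the one the receiver
// already trusts (learned out of band) and the signature checks under it.
func VerifyPinned(trusted ed25519.PublicKey, e Envelope) bool {
	return bytes.Equal(trusted, e.PublicKey) &&
		ed25519.Verify(trusted, e.Payload, e.Signature)
}

// HMACTag is the symmetric alternative: forging a tag requires the shared
// secret, and there is no key field in the message for an attacker to swap.
func HMACTag(secret, payload []byte) []byte {
	m := hmac.New(sha256.New, secret)
	m.Write(payload)
	return m.Sum(nil)
}

// VerifyHMACTag recomputes the tag and compares in constant time.
func VerifyHMACTag(secret, payload, tag []byte) bool {
	return hmac.Equal(HMACTag(secret, payload), tag)
}

// Outcome records what each verifier said about the original and the forgery.
type Outcome struct {
	NaiveAcceptsOriginal  bool
	NaiveAcceptsForged    bool
	PinnedAcceptsOriginal bool
	PinnedAcceptsForged   bool
	HMACAcceptsOriginal   bool
	HMACAcceptsForged     bool
}

// RunScenario plays the attack through: Alice seals a message, Mallory
// substitutes her own key, payload and signature, and each verifier is asked.
func RunScenario() (Outcome, error) {
	alicePub, alicePriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	_, malloryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Outcome{}, err
	}
	secret := make([]byte, 32) // shared only by Alice and the receiver
	if _, err := rand.Read(secret); err != nil {
		return Outcome{}, err
	}

	original := Seal(alicePriv, []byte("pay 10 to bob"))          // constructed payload
	forged := Seal(malloryPriv, []byte("pay 10000 to mallory"))   // key, payload, sig replaced
	originalTag := HMACTag(secret, original.Payload)
	forgedTag := HMACTag([]byte("guess"), forged.Payload) // Mallory lacks the secret

	return Outcome{
		NaiveAcceptsOriginal:  VerifyNaive(original),
		NaiveAcceptsForged:    VerifyNaive(forged),
		PinnedAcceptsOriginal: VerifyPinned(alicePub, original),
		PinnedAcceptsForged:   VerifyPinned(alicePub, forged),
		HMACAcceptsOriginal:   VerifyHMACTag(secret, original.Payload, originalTag),
		HMACAcceptsForged:     VerifyHMACTag(secret, forged.Payload, forgedTag),
	}, nil
}

func main() {
	out, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", out)
}
```

Running it shows the naive verifier accepting Mallory's forgery just as happily as Alice's message, because the forgery is internally consistent: a fresh key, a fresh signature under that key. Only the pinned verifier (the public key must come from somewhere the attacker cannot write to) or the HMAC (the attacker has no secret to compute with) rejects it.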