Am 22.03.2014 um 22:55 schrieb Jonathan Schleifer <js-haiku-development@xxxxxxxxxxx>: > Looking some more at it: It copies the whole message, so either we need to > change the reference implementation to not do that, or use my original > approach and hash first. The message it signs is of variable length and I > could not find a maximum length, so in theory, it should work if we patch it > to not copy the message. I'll try to contact djb and ask him what he thinks > is the right approach. Of course, hashing the data before passing it to Ed25519 turned out to be a brain fart. I had a deeper look into the implementation now, and my impression that hashing beforehand is unnecessary was right: get_hram() basically does SHA512(r, pk, m) and in the place where it matters it was SHA512(extsk[32], ..., extsk[63], m). So, that copying-behaviour was just bad API design in the reference implementation. I decided to change that in now to not copy the message, so please, everybody review my patchset: https://github.com/Midar/haiku/commit/a9d39808cca3c28e14d99eabeb624a3207331d87 It also becomes obvious in my change that hashing beforehand is absolutely unnecessary ;). -- Jonathan