Replying to Avatar Guy Swann

Ah crap, can you manually force that data easily? Like let’s say I have 2 devices online ready to sign that both get the message, but the device that sends it to them says “add created_at [exact time]”

Do you think that would produce the exact same apparent message or is there still something else likely to get in the way? 🤔
Avatar
Laeserin 8mo ago

Isn't there some randomness to the signature algo? I don't know, just assumed that there is.

Reply to this note

Please Login to reply.

Discussion

Avatar
Laeserin 8mo ago

I guess it doesn't matter, if they're identical, tho. But then it's the same as just copy-pasting them and sort of pointless.

Avatar
semisol 8mo ago

There are *a lot* of possible valid signatures per messages.

Avatar
semisol 8mo ago

But no one cares and they still have the same ID

Avatar
Liberty Farmer 8mo ago

Yes, but it will always have the same sig given the same tags/inputss.

It has to be of course, otherwise it cannot be verified and repeated.

Avatar
semisol 8mo ago

incorrect

Avatar
Liberty Farmer 8mo ago

Huh? Why not? if I have the same timestamp, pvt key, e tag, p tag, whatever, the signed and delivered note will always be the same.

Avatar
semisol 8mo ago

Because r/k :)

Avatar
Liberty Farmer 8mo ago

Ok, because the signing includes a random element?

Avatar
semisol 8mo ago

Yes. Can’t change it without rewriting the signing code from the ground up.

Not that it matters

Avatar
Laeserin 8mo ago

Okay, I thought I was dreaming that up, since everyone else seemed so sure.

Avatar
Liberty Farmer 8mo ago

No, not at all. The params, inputs, tags are the hashing input, the sig is the output.

Avatar
Guy Swann 8mo ago

I’m gonna test it and see what happens. Will report back 😆🤔