... but it's an illustration of the general feeling one gets from studying RSA application in the real world - see Bleichenbacher - it's *fragile*.
There is a similar story with Schnorr family signatures and nonces - correctly generated nonces are secure; but even *1* bit of bias can result in insecurity (again, practicality aside - so often, the impractical has the rude habit of becoming practical, once something is under wide use).
@waxwing some of those kinds of attacks are, btw, *practical* in the physical or side-channel and timing attack settings.
Using keys can reveal a lot of information, and in a digital world it is almost unpreventable that someone hears the key bits' *sound*.
So in my view keys should only be used once and never be deterministically derivable from *master* keys. I guess I am alone in that view ... Should I mention that I hate HD wallets, and that I refuse to use them?
@waxwing I wonder how long it will take until the vaccination passport signer keys are revealed by that kind of attack on the verifying apps.