Posted by owenl
(18.104.22.168) on June 10, 2013 at 18:04:41:
As I understand it, when you sign something using the ECDSA standard, the signature is supposed to change every time you call the signing function, because it's supposed to use a random number as part of the signing algorithm.
But when I call ECpSignDSA(), for the same hash string, I get only one signature that doesn't vary! This is the same weakness that got the Sony Playstation's private key cracked, I believe?
I'm running this call under the simulator, not the actual card - can someone verify this and is this something that's just a simulator bug or is it the same for both?