From 4e73f3e957c6ffaa24b49f6515519b5f7e4788e8 Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Tue, 2 Apr 2024 16:03:05 +0200
Subject: [PATCH] Clarify comment [skip ci]

---
 src/packet/signature.js | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/packet/signature.js b/src/packet/signature.js
index 940a49ee..43fc2002 100644
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@@ -26,8 +26,9 @@ import defaultConfig from '../config';
 // Symbol to store cryptographic validity of the signature, to avoid recomputing multiple times on verification.
 const verified = Symbol('verified');
 
-// A salt notation is used to randomize signatures; EdDSA signatures in particular are known to be vulnerable to fault attacks
-// which can lead to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).
+// A salt notation is used to randomize signatures.
+// This is to protect EdDSA signatures in particular, which are known to be vulnerable to fault attacks
+// leading to secret key extraction if two signatures over the same data can be collected (see https://github.com/jedisct1/libsodium/issues/170).
 // For simplicity, we add the salt to all algos, as it may also serve as protection in case of weaknesses in the hash algo, potentially hindering e.g.
 // some chosen-prefix attacks.
 // v6 signatures do not need to rely on this notation, as they already include a separate, built-in salt.
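Review bot: The rewritten comment on the three added lines explains why the salt exists but not the property the protection depends on: the fault-attack argument only holds if two signatures over the same data never share a salt, so the salt must be freshly generated from a cryptographically secure random source for every signature and never reused or derived deterministically from the message. I would state that explicitly, e.g. `// The protection relies on the salt being fresh CSPRNG output for every signature; a repeated or message-derived salt would reintroduce the same-data case the notation is meant to prevent.` It would also help a reader to name the notation and where the salt is generated, since neither is visible from this hunk; I cannot confirm those from the lines shown, so I only suggest a pointer. The hunk is at module scope, so no enclosing function is cut.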