Evaluate if the resulting signature can be derived from 4 byte data

[petrdvorak]

As with the HOTP standard, we use decimalized signatures constructed from 4 bytes, as seen here:

https://dl.dropboxusercontent.com/u/6405782/powerauth/index.html#computing-the-signature

While the declared signature length is 10 digits, 4 bytes have a very low entropy on the first digit. Namely, 2^32 = 4 294 967 296, plus we strip the negative numbers thus gaining only half of this number. Therefore, the first character of the signature can be only 0, 1 or 2...

We need to evaluate if this is a big issue, since signatures are always connected with given transaction and random nonces.

Possible solutions:

• allow use of non-decimalized long signature in HTTP request
• allow extending the signature length by not stripping 4 bytes only

[petrdvorak]

When working on issues #10 and #11, the issue seems to be resolved in following way:

• Each factor used for the signature is now represented by 8 digit long signature component
• Typical signature will use 2 components (2FA), gaining 16 digits length
• Therefore, rounding error goes away while signature is actually longer with higher entropy