Problems with private keyring?
Taral
taral at taral.net
Thu Mar 22 21:55:19 CET 2001
On Thu, Mar 22, 2001 at 08:44:56PM +0100, Florian Weimer wrote:
> Unfortunately, the situation with DSA signatures is much, much worse.
> IMHO, the protected data is probably not sufficient to validate the
> unprotected data, so the way the secret key is stored has to be
> changed completely. This is going to introduce incompatibilities, and
> I don't think I'm in a position to do this, so no further patches from
> me, sorry. :-/
Well, the attack they propose relies on the fact that the p' they chose
is deliberately very weak (p'-1 has a factorization consisting solely of
powers of small primes) and that p' < q. I still cannot see, however, a
way to replace (g, p, q, y) with another set which passes the proposed
checks.
The easiest fix for this seems to be to include a signature of (p, q,
g, y, x).
--
Taral <taral at taral.net>
Please use PGP/GPG to send me mail.
"Never ascribe to malice what can as easily be put down to stupidity."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 248 bytes
Desc: not available
Url : /pipermail/attachments/20010322/e291c202/attachment.bin
More information about the Gnupg-devel
mailing list