Problems with private keyring?

Taral taral@taral.net
Thu Mar 22 21:55:19 2001


On Thu, Mar 22, 2001 at 08:44:56PM +0100, Florian Weimer wrote:

> Unfortunately, the situation with DSA signatures is much, much worse.
> IMHO, the protected data is probably not sufficient to validate the
> unprotected data, so the way the secret key is stored has to be
> changed completely. This is going to introduce incompatibilities, and
> I don't think I'm in a position to do this, so no further patches from
> me, sorry. :-/

Well, the attack they propose relies on the fact that the p' they chose is deliberately very weak (p'-1 has a factorization consisting solely of powers of small primes) and that p' < q. I still cannot see, however, a way to replace (g, p, q, y) with another set which passes the proposed checks. The easiest fix for this seems to be to include a signature of (p, q, g, y, x).

-- 
Taral <taral@taral.net>
Please use PGP/GPG to send me mail.
"Never ascribe to malice what can as easily be put down to stupidity."
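
An added example, not part of the original message or of GnuPG: a Python sketch of the standard DSA parameter relations, run after the secret x has been decrypted, which a substituted p' smaller than q cannot satisfy. Which checks the patch discussed in the thread actually performs is not shown on this page, so the list of relations, the function names and the toy values are assumptions.

```python
# Added example: consistency checks on stored DSA key material (p, q, g, y, x).
# The toy-sized numbers are constructed for illustration; real keys are far larger.

def is_probable_prime(n, bases=(2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)):
    """Miller-Rabin primality test with fixed small-prime bases."""
    if n < 2:
        return False
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def check_dsa_key(p, q, g, y, x):
    """Return the list of failed relations; an empty list means consistent."""
    failures = []
    if not (is_probable_prime(p) and is_probable_prime(q)):
        failures.append("p and q must both be prime")
    if p <= q:
        failures.append("p must be larger than q")
    if (p - 1) % q != 0:
        failures.append("q must divide p - 1")
    if not (1 < g < p) or pow(g, q, p) != 1:
        failures.append("g must have order q modulo p")
    if not (0 < x < q):
        failures.append("x must lie in (0, q)")
    if pow(g, x, p) != y:
        failures.append("y must equal g^x mod p")
    return failures

GENUINE = dict(p=23, q=11, g=4, y=8, x=7)   # constructed toy key
TAMPERED = dict(GENUINE, p=7, g=3)          # constructed: p' < q, p'-1 = 2*3

if __name__ == "__main__":
    print(check_dsa_key(**GENUINE))
    print(check_dsa_key(**TAMPERED))
```

These relations only tie the public fields to each other and to x; the signature over (p, q, g, y, x) suggested in the message is a separate integrity measure that this sketch does not implement.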