[Announce] GnuPG's ElGamal signing keys compromised
Werner Koch
wk at gnupg.org
Fri Nov 28 11:17:16 CET 2003
On Fri, 28 Nov 2003 00:07:33 +0000, Noel D Torres Taño said:
> Can't this be addressed changing the code to use a different small k for
> signing, thus allowing to continue using (new) ElGamal sign+encrypt
> keys?
I didn't expressed it correctly. With "same small k" I meant that the
k used was of the same size as the secret exponent x used for key
creation. The small k (e.g. 247 bits for a 1024 bit key) is the
actual fault when used for signing. Such a small k used for
encryption is not a problem and obviously can't lead to a private key
compromise because the encryption operation does not require the
private key.
Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
More information about the Gnupg-devel
mailing list