openpgp dsa subliminal key reconstructor

Werner Koch wk at
Wed Aug 4 10:30:56 CEST 2004

On Wed, 4 Aug 2004 01:56:06 -0400 (EDT), Atom 'Smasher' said:


Where is the news?  It is a well understood property of the ElGamal
signing scheme. You don't even need such a channel, you may also
subvert the signing program to use the same value for k more than one
time.  There are anyway uncounted ways to use subliminal channels to
export private keys.


More information about the Gnupg-devel mailing list