[Announce] GnuPG's ElGamal signing keys compromised
Werner Koch
wk at gnupg.org
Fri Nov 28 11:24:44 CET 2003
On Thu, 27 Nov 2003 22:16:28 +0100 (MET), Johan Wevers said:
> Wouldn't it be better to fix the bug that uses the small exponents instead?
> This sounds like fixing the result instead of solving the problem.
The real problem is not the bug but the use of Elgamal signatures at
all. They have too many problems and many people got trapped by some
of them (e.g. the Bleichenbacher attack). Probably I was somewhat
arrogant to assume that my implementation got it right.
Frankly, I have fixed the the bug even that that code won't be used
anymore. Just in case someone is still stupid enhough to reenable
ElGamal signatures.
Werner
--
Werner Koch <wk at gnupg.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org
More information about the Gnupg-users
mailing list