[Announce] GnuPG's ElGamal signing keys compromised

Werner Koch wk at gnupg.org
Fri Nov 28 11:24:44 CET 2003

On Thu, 27 Nov 2003 22:16:28 +0100 (MET), Johan Wevers said:

> Wouldn't it be better to fix the bug that uses the small exponents instead?
> This sounds like fixing the result instead of solving the problem.

The real problem is not the bug but the use of Elgamal signatures at
all.  They have too many problems and many people got trapped by some
of them (e.g. the Bleichenbacher attack).  Probably I was somewhat
arrogant to assume that my implementation got it right.

Frankly, I have fixed the the bug even that that code won't be used
anymore.  Just in case someone is still stupid enhough to reenable
ElGamal signatures.


Werner Koch                                      <wk at gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org

More information about the Gnupg-users mailing list