Rebuilding the private key from signatures

Daniel Kahn Gillmor dkg at fifthhorseman.net
Thu Feb 24 16:38:41 CET 2011


On 02/24/2011 09:09 AM, Aaron Toponce wrote:
> What is the likelihood that an attacker could rebuild a private key from
> a collection of signed mail, and would it depend on the hash used in
> the algorithm?

It doesn't depend as much on the digest algorithm used as it does on the
type of public key and the quality of the PRNG used during the signature
process.  DSA keys in particular can be recovered if the random number
generator used to create the signatures turns out to be predictable:

 http://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.35.1538

Fortunately, i don't think that the PRNG used in GnuPG has any known
vulnerabilities.

	--dkg
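As an added example (not part of dkg's message, and not GnuPG code), here is the DSA failure he points at, in Python on constructed toy parameters: an audit check that flags two signatures from one key sharing the same r (which means the signer's PRNG handed out the same k twice), and the algebra showing why such a repeat exposes x. The sum-of-bytes "digest" is a stand-in for the real hash; the recovery does not depend on which digest is used, which is exactly the point of the reply.

```python
from collections import defaultdict

# Constructed toy DSA domain parameters (far too small for real use).
# Q divides P-1 and G = 2^((P-1)/Q) mod P, so G has prime order Q.
P, Q, G = 607, 101, 64
assert pow(G, Q, P) == 1 and G != 1

def _h(msg: bytes) -> int:
    # Toy stand-in for the message digest reduced into Z_Q; the attack
    # below works identically for SHA-1, SHA-256 or any other digest.
    return sum(msg) % Q

def dsa_sign(x: int, msg: bytes, k: int) -> tuple[int, int]:
    # k must be uniform in [1, Q-1] and never repeated; that is the
    # signer's PRNG's job, and everything below hinges on it.
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (_h(msg) + x * r) % Q
    assert r and s, "degenerate signature, retry with a fresh k"
    return r, s

def dsa_verify(y: int, msg: bytes, sig: tuple[int, int]) -> bool:
    r, s = sig
    w = pow(s, -1, Q)
    u1, u2 = _h(msg) * w % Q, r * w % Q
    return r == (pow(G, u1, P) * pow(y, u2, P) % P) % Q

def find_repeated_r(signatures):
    """Audit check over (msg, (r, s)) pairs from one key: any r that
    appears twice means the same k was used twice."""
    by_r = defaultdict(list)
    for msg, (r, s) in signatures:
        by_r[r].append((msg, s))
    return {r: items for r, items in by_r.items() if len(items) > 1}

def recover_x(r: int, m1: bytes, s1: int, m2: bytes, s2: int) -> int:
    """Why a repeat is fatal: with a shared k, s1 - s2 = k^-1 (h1 - h2),
    so k falls out, and then x = (s*k - h) / r."""
    h1, h2 = _h(m1), _h(m2)
    k = (h1 - h2) * pow(s1 - s2, -1, Q) % Q
    return (s1 * k - h1) * pow(r, -1, Q) % Q

if __name__ == "__main__":
    x = 17                              # constructed private key
    sigs = [(m, dsa_sign(x, m, k)) for m, k in
            [(b"hello", 5), (b"world", 5), (b"gnupg", 7)]]
    for r, ((m1, s1), (m2, s2)) in find_repeated_r(sigs).items():
        print("repeated r =", r, "-> recovered x =",
              recover_x(r, m1, s1, m2, s2))
```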
