Rebuilding the private key from signatures
aaron.toponce at gmail.com
Thu Feb 24 22:33:16 CET 2011
On Fri, Feb 25, 2011 at 03:39:10AM +1300, Atom Smasher wrote:
> if an attacker has two messages signed with DSA, and they happen to
> use the same value of "k" then it's trivial to recover the private
> a random "k" is the achilles heel of DSA and elgamal (and their ECC
> derivatives). if "k" is truly random (and reasonably large), the
> chances of getting a duplicate "k" approaches zero... if "k" is not
> reasonably large or there's a bias that can produce duplicate "k"s
> with the same value, you're hosed.
I've learned something new today. Thank you very, very much!
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
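The point quoted above, as an added example that is not part of the original thread: an audit that flags DSA signatures from one key sharing the same r (which means the same "k"), and confirms the consequence by solving for the key. The toy group, the key `X`, the nonces and the integer digests are all constructed for illustration and far too small for real use.

```python
from collections import defaultdict
from itertools import combinations

# Constructed toy DSA group (assumption, not from the thread): Q divides P - 1.
P, Q = 607, 101
G = pow(2, (P - 1) // Q, P)      # generator of the order-Q subgroup

def sign(x, k, h):
    """Textbook DSA signature on digest h with private key x and nonce k."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (h + x * r) % Q
    return r, s

def find_reused_nonces(signed):
    """Audit check: signatures from one key that share r used the same k."""
    by_r = defaultdict(list)
    for h, (r, s) in signed:
        by_r[r].append((h, s))
    return {r: group for r, group in by_r.items() if len(group) > 1}

def recover_private_key(r, h1, s1, h2, s2):
    """With a shared k: s1 - s2 = k^-1 (h1 - h2) mod Q gives k, then x."""
    k = (h1 - h2) * pow((s1 - s2) % Q, -1, Q) % Q
    return (s1 * k - h1) * pow(r, -1, Q) % Q

# Constructed sample: hypothetical key X, digests given as integers mod Q.
X = 57
SIGNED = [(20, sign(X, 33, 20)),   # nonce 33
          (45, sign(X, 33, 45)),   # nonce 33 again
          (7, sign(X, 10, 7))]     # fresh nonce

def audit(signed):
    """Return the private keys implied by every pair with a repeated r."""
    exposed = set()
    for r, group in find_reused_nonces(signed).items():
        for (h1, s1), (h2, s2) in combinations(group, 2):
            if s1 != s2:           # identical signatures carry no new equation
                exposed.add(recover_private_key(r, h1, s1, h2, s2))
    return exposed

if __name__ == "__main__":
    print("repeated r values:", sorted(find_reused_nonces(SIGNED)))
    print("private key exposed:", audit(SIGNED) == {X})
```

Requires Python 3.8 or later for `pow(value, -1, modulus)`.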