status: establishing a PGP web of trust

Aaron Toponce aaron.toponce at
Sat Oct 1 14:57:19 CEST 2011

On 09/30/2011 08:11 PM, Robert J. Hansen wrote:
> On 9/30/2011 8:57 PM, Marcio B. Jr. wrote:
> Before people panic, there are no known weaknesses in DSA.

I agree, people should not panic. But, people should be aware of the
"random k" in DSA signatures:

Sony fell victim to this very problem with their PS3, because they
failed to sufficiently randomize "k".

If your RNG sucks (not something GNU/Linux users need to worry about if
/dev/random is used), then DSA should not be considered. Thus, the
recommendation to use RSA instead, as it doesn't suffer from this.

. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111001/0fba3245/attachment.pgp>

More information about the Gnupg-users mailing list