kernel.org status: establishing a PGP web of trust
Aaron Toponce
aaron.toponce at gmail.com
Sat Oct 1 14:57:19 CEST 2011
On 09/30/2011 08:11 PM, Robert J. Hansen wrote:
> On 9/30/2011 8:57 PM, Marcio B. Jr. wrote:
>> http://lwn.net/Articles/461236/
>
> Before people panic, there are no known weaknesses in DSA.
I agree, people should not panic. But, people should be aware of the
"random k" in DSA signatures:
http://rdist.root.org/2010/11/19/dsa-requirements-for-random-k-value/
Sony fell victim to this very problem with their PS3, because they
failed to sufficiently randomize "k".
If your RNG sucks (not something GNU/Linux users need to worry about if
/dev/random is used), then DSA should not be considered. Thus, the
recommendation to use RSA instead, as it doesn't suffer from this.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 591 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20111001/0fba3245/attachment.pgp>
More information about the Gnupg-users
mailing list