kernel.org status: establishing a PGP web of trust
aaron.toponce at gmail.com
Sat Oct 1 14:57:19 CEST 2011
On 09/30/2011 08:11 PM, Robert J. Hansen wrote:
> On 9/30/2011 8:57 PM, Marcio B. Jr. wrote:
> Before people panic, there are no known weaknesses in DSA.
I agree, people should not panic. But, people should be aware of the
"random k" in DSA signatures:
Sony fell victim to this very problem with their PS3, because they
failed to sufficiently randomize "k".
If your RNG sucks (not something GNU/Linux users need to worry about if
/dev/random is used), then DSA should not be considered. Thus, the
recommendation to use RSA instead, as it doesn't suffer from this.
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o o o o . o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 591 bytes
Desc: OpenPGP digital signature
More information about the Gnupg-users