simple-sk-checksum
Stephen Paul Weber
singpolyma at singpolyma.net
Fri Jan 4 23:08:09 CET 2013
Somebody claiming to be David Shaw wrote:
>On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber <singpolyma at singpolyma.net> wrote:
>> Does anyone know what the actual security risk is? Using a weaker
>> checksum obviously makes it easier to forge data, but in this case the
>> data being forged is just the secret parts of a secret key. What are the
>> attack vectors there?
>
>http://eprint.iacr.org/2002/076.pdf
Thanks! That paper implies that both the public *and* private elements must
be integrity protected to defeat the attack (depending on algorithm),
however it seems that only the private elements are protected by the SHA1
under RFC4880. Was the need to protect the public elements discovered to be
unnecessary?
--
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
edition right joseph
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: </pipermail/attachments/20130104/96360719/attachment.pgp>
More information about the Gnupg-users
mailing list