simple-sk-checksum

Stephen Paul Weber singpolyma at singpolyma.net
Fri Jan 4 23:08:09 CET 2013


Somebody claiming to be David Shaw wrote:
>On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber <singpolyma at singpolyma.net> wrote:
>> Does anyone know what the actual security risk is?  Using a weaker 
>> checksum obviously makes it easier to forge data, but in this case the 
>> data being forged is just the secret parts of a secret key.  What are the 
>> attack vectors there?
>
>http://eprint.iacr.org/2002/076.pdf

Thanks!  That paper implies that both the public *and* private elements must 
be integrity protected to defeat the attack (depending on algorithm), 
however it seems that only the private elements are protected by the SHA1 
under RFC4880.  Was the need to protect the public elements discovered to be 
unnecessary?

-- 
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
edition right joseph
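
Added example, not part of the original message or of GnuPG's code: the two check values RFC 4880 section 5.5.3 defines for the secret fields of a key packet (S2K usage octet 0 or 255: 16-bit sum of octets; 254: SHA-1), applied to a key whose secret or public fields were changed after the check was computed. The toy RSA values, the dict layout and all function names are assumptions made for illustration, and encryption of the secret fields is left out.

```python
import hashlib

def mpi(n: int) -> bytes:
    """OpenPGP MPI: two-octet bit count, then the big-endian magnitude."""
    bits = n.bit_length()
    return bits.to_bytes(2, "big") + n.to_bytes((bits + 7) // 8, "big")

def integrity_check(usage: int, secret_fields: bytes) -> bytes:
    """Check value RFC 4880 5.5.3 appends to the secret fields.
    Public fields are not an input in either case."""
    if usage == 254:                      # SHA-1 hash, 20 octets
        return hashlib.sha1(secret_fields).digest()
    if usage in (0, 255):                 # sum of all octets mod 65536
        return (sum(secret_fields) % 65536).to_bytes(2, "big")
    raise ValueError(f"unsupported S2K usage octet {usage}")

def accepts(key: dict) -> bool:
    """True if the stored check value matches the key's secret fields."""
    return integrity_check(key["usage"], key["secret"]) == key["check"]

def make_key(usage: int) -> dict:
    # Constructed toy RSA values (textbook-sized, not a real key).
    p, q, e = 61, 53, 17
    n, d, u = p * q, 2753, pow(p, -1, q)
    secret = mpi(d) + mpi(p) + mpi(q) + mpi(u)
    return {"usage": usage, "public": mpi(n) + mpi(e),
            "secret": secret, "check": integrity_check(usage, secret)}

def swap_octets(data: bytes, i: int, j: int) -> bytes:
    """Exchange two octets: the content changes, the octet sum does not."""
    b = bytearray(data)
    b[i], b[j] = b[j], b[i]
    return bytes(b)

def survey() -> dict:
    """For each check type, is a modified key still accepted?"""
    out = {}
    for name, usage in (("sum16", 255), ("sha1", 254)):
        key = make_key(usage)
        bad_secret = dict(key, secret=swap_octets(key["secret"], 2, 3))
        bad_public = dict(key, public=swap_octets(key["public"], 2, 3))
        out[name] = {"secret_changed": accepts(bad_secret),
                     "public_changed": accepts(bad_public)}
    return out

if __name__ == "__main__":
    print(survey())
```

The 16-bit sum accepts the key with reordered secret octets, SHA-1 rejects it, and neither check notices a change to the public fields, which is the coverage gap the question above asks about.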