[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?
asanso at adobe.com
Wed Sep 28 15:12:14 EDT 2016
On Sep 28, 2016, at 4:35 PM, Georgi Guninski <guninski at guninski.com> wrote:
> On Wed, Sep 28, 2016 at 12:27:31PM +0300, Georgi Guninski wrote:
>> Posting the keys/certs/private per some requests. The README:
>> Distinct DSA keys produce valid single signature of single file
>> and the x509 certificates from the private keys work on openssl 1.0.2j
>> Tested on openssl 1.0.2j (latest and 1.0.1t latest) on Debian 8.
>> The keys (also private are attached).
>> Also at http://j.ludost.net/DSA1.tar.gz
> [this thread is crossposted to Cryptography and Cypherpunks]
> Isn't there RFC or some document which says what checks should be
> Last year I bitched:
> RFC-2631, fips 186-3 and openssl's implementation of DSA appear broken (and possibly backdoored)
> #^ openssl
just saying. Have you seen this http://blog.intothesymmetry.com/2016/01/openssl-key-recovery-attack-on-dh-small.html ?
> The cryptography mailing list
> cryptography at metzdowd.com
More information about the cryptography