[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Ron Garret ron at flownet.com
Thu Sep 29 01:44:30 EDT 2016


On Sep 28, 2016, at 9:32 PM, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:

> Ron Garret <ron at flownet.com> writes:
> 
>> In this case the fix is trivial: add a line of code that rejects any key 
>> whose multiplicative order is too small.
> 
> Isn't this a bit like saying that the fix for Linux kernel bugs is also
> trivial: Wherever there's a kernel bug, add a line of code that fixes it.
> 
> (Evaluating multiplicative orders, from a quick look at Bach & Shallit's
> "Algorithmic Number Theory", isn't exactly a one-liner).

Not everything requires bringing out the big number theoretic guns.  Here is one of the keys in question:

Private-Key: (1024 bit)
priv: 13 (0xd)
pub:  1 (0x1)
P:   
    00:90:df:c4:88:8f:91:41:57:b9:b0:9d:9f:8d:53:
    ce:3b:ac:8e:f9:59:7a:47:08:c7:3d:6f:ab:45:e2:
    0b:3e:6f:da:a8:d0:08:7a:9f:f0:bb:19:9b:c8:60:
    d1:af:91:81:03:bf:2c:f2:dd:0e:09:fc:db:4a:1d:
    ab:a6:99:17:f5:a2:f4:0c:b1:2c:5e:f4:9d:21:2d:
    9c:0b:4f:b6:f0:b0:0c:a0:87:36:b3:f0:ff:cc:a1:
    d8:a3:32:8b:cb:b6:e0:3a:a5:a0:8f:ad:43:9f:fc:
    f6:de:28:18:da:af:86:80:c2:6e:63:95:0a:4e:0f:
    9b:00:09:1a:b6:74:34:ce:a9
Q:   
    00:d7:14:b8:0b:1d:52:ff:da:64:7b:ba:c7:20:00:
    98:f9:fc:4c:b2:4b
G:    1 (0x1)
writing DSA key
-----BEGIN DSA PRIVATE KEY-----
MIGnAgEAAoGBAJDfxIiPkUFXubCdn41TzjusjvlZekcIxz1vq0XiCz5v2qjQCHqf
8LsZm8hg0a+RgQO/LPLdDgn820odq6aZF/Wi9AyxLF70nSEtnAtPtvCwDKCHNrPw
/8yh2KMyi8u24DqloI+tQ5/89t4oGNqvhoDCbmOVCk4PmwAJGrZ0NM6pAhUA1xS4
Cx1S/9pke7rHIACY+fxMsksCAQECAQECAQ0=
-----END DSA PRIVATE KEY-----

If it takes you more than three seconds to figure out what is wrong with it you need to turn in your tinfoil hat.

rg
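
Added example, not part of the original message: a Python sketch of the range and subgroup-order check discussed in this thread, run against the P, Q, G and pub values posted above. The names `hexdump_to_int` and `dsa_key_problems` and the toy group (p=23, q=11) are constructed for illustration, and the check assumes p and q are already known to be prime with q dividing p-1.

```python
def hexdump_to_int(dump: str) -> int:
    """Convert OpenSSL-style colon-separated hex (as printed in the post) to an int."""
    return int("".join(dump.split()).replace(":", ""), 16)

# P and Q copied from the key dump in the post.
P = hexdump_to_int("""
    00:90:df:c4:88:8f:91:41:57:b9:b0:9d:9f:8d:53:
    ce:3b:ac:8e:f9:59:7a:47:08:c7:3d:6f:ab:45:e2:
    0b:3e:6f:da:a8:d0:08:7a:9f:f0:bb:19:9b:c8:60:
    d1:af:91:81:03:bf:2c:f2:dd:0e:09:fc:db:4a:1d:
    ab:a6:99:17:f5:a2:f4:0c:b1:2c:5e:f4:9d:21:2d:
    9c:0b:4f:b6:f0:b0:0c:a0:87:36:b3:f0:ff:cc:a1:
    d8:a3:32:8b:cb:b6:e0:3a:a5:a0:8f:ad:43:9f:fc:
    f6:de:28:18:da:af:86:80:c2:6e:63:95:0a:4e:0f:
    9b:00:09:1a:b6:74:34:ce:a9
""")
Q = hexdump_to_int("""
    00:d7:14:b8:0b:1d:52:ff:da:64:7b:ba:c7:20:00:
    98:f9:fc:4c:b2:4b
""")


def dsa_key_problems(p: int, q: int, g: int, y: int) -> list:
    """Return reasons to reject the key; an empty list means these checks pass.

    Assumption: p and q are prime and q divides p-1 (not verified here).
    With q prime, any v in [2, p-2] with v^q = 1 (mod p) has order exactly q,
    so one modular exponentiation settles the order question.
    """
    problems = []
    for name, v in (("g", g), ("y", y)):
        if not 2 <= v <= p - 2:
            problems.append(f"{name} out of range [2, p-2]")
        elif pow(v, q, p) != 1:
            problems.append(f"{name} is not in the order-q subgroup")
    return problems


if __name__ == "__main__":
    # The posted key: G = 1 and pub = 1.
    print(dsa_key_problems(P, Q, 1, 1))
    # Constructed toy group: 4 has order 11 mod 23, and 18 = 4^3 mod 23.
    print(dsa_key_problems(23, 11, 4, 18))
```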
