[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Georgi Guninski guninski at guninski.com
Fri Sep 30 10:32:40 EDT 2016


On Thu, Sep 29, 2016 at 09:18:08AM -0700, Ron Garret wrote:
> Possible bug #2 is that openssl actually *generates* weak DSA keys.  That would be a much more serious problem.  But AFAICT there is no evidence for this.  The provenance of these keys is not known.  The most likely explanation for the existence of these keys is that someone designed them.  The fact that it is possible to create weak DSA keys is not news.
>

Does it matter who created the keys if openssl accepts them?

I didn't use openssl for creation of the keys to minimize development
time (used pen, paper and a little computer).

Feel free to audit soundly if openssl can create invalid or weak keys
(especially in rowhammer environment ;) )

