[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Tony Arcieri bascule at gmail.com
Sat Oct 1 14:46:10 EDT 2016


If I'm reading this thread right (I apologize, I've only skimmed) this is a
duplicate signature key selection attack, similar to:

https://www.agwa.name/blog/post/duplicate_signature_key_selection_attack_in_lets_encrypt

The easiest way to mitigate it at a protocol level is to include the
sender's public key in the contents of the digest to be signed, then make
sure the public key you're using to verify matches the one in the message
you're verifying.

All that said, the strength of a cryptographic system rests in the keys. If
you're trying to verify a message with a potentially malicious public key,
what does that say about the contents of the message at all? (Not a whole
lot, IMO)

-- 
Tony Arcieri
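
The mitigation described in the message above, sketched in Go as an added example (not code from the post or the thread). The `Envelope` format, the function names, and the use of ECDSA P-256 from the standard library in place of DSA are assumptions; the verifier's key is one it already trusts, never one chosen by the message.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"errors"
	"fmt"
)

type Envelope struct{ SignerKey, Msg, Sig []byte } // hypothetical format; SignerKey is DER SPKI
var ErrKeyMismatch, ErrBadSig = errors.New("key mismatch"), errors.New("bad signature")
func NewKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// boundDigest hashes SHA-256(key) || msg; the fixed-length fingerprint keeps the
// key/message boundary unambiguous.
func boundDigest(key, msg []byte) []byte {
	fp := sha256.Sum256(key)
	sum := sha256.Sum256(append(fp[:], msg...))
	return sum[:]
}

func Sign(priv *ecdsa.PrivateKey, msg []byte) (Envelope, error) {
	key, err := x509.MarshalPKIXPublicKey(&priv.PublicKey) // encoding includes curve parameters
	if err != nil {
		return Envelope{}, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, boundDigest(key, msg))
	return Envelope{key, msg, sig}, err
}

// Verify checks that the trusted key is the key the signer bound in, then the signature.
func Verify(pub *ecdsa.PublicKey, e Envelope) error {
	key, err := x509.MarshalPKIXPublicKey(pub)
	if err != nil || !bytes.Equal(key, e.SignerKey) {
		return ErrKeyMismatch // fail closed: a second key stops here even if its math would verify
	}
	if !ecdsa.VerifyASN1(pub, boundDigest(key, e.Msg), e.Sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	a, _ := NewKey()
	env, err := Sign(a, []byte("constructed sample message"))
	fmt.Println(err, Verify(&a.PublicKey, env))
}
```

Relabelling the envelope with another key's encoding does not help a second key holder either: the digest is recomputed over that key, so the original signature no longer matches.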