[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Ron Garret ron at flownet.com
Wed Sep 28 12:44:07 EDT 2016


On Sep 28, 2016, at 9:09 AM, Georgi Guninski <guninski at guninski.com> wrote:

> On Wed, Sep 28, 2016 at 08:32:19AM -0700, Ron Garret wrote:
>> On Sep 28, 2016, at 2:27 AM, Georgi Guninski <guninski at guninski.com> wrote:
>> 
>>> The main idea is to use low multiplicative order of the generator $g$,
>> 
>> There’s your answer.
>> 
> 
> This is by design and I knew it.

That’s not what you originally wrote:

> How to try the signatures in other scenarios?
> 
> Is this known?
> 
> Is this theoretical weakness in openessl 1.0.1t?
> 
> Is this a bug at all?

But whatever.

> Was asking about the scope of this if any and also if the RFC/fips/spec
> is buggy too or just a coding nonsense.

I have never understood this phenomenon of treating specs as if they were holy writs handed down by God.  Any software that either generates or accepts DSA keys with low multiplicative orders is clearly broken.  Asking whether that's a bug in the spec or a bug in the code is like asking whether the deck chairs on the Titanic should have been arranged differently.  It’s broken.  That’s all that matters.

In this case the fix is trivial: add a line of code that rejects any key whose multiplicative order is too small.

rg



More information about the cryptography mailing list