[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Kristian Gjøsteen kristian.gjosteen at math.ntnu.no
Thu Sep 29 18:22:10 EDT 2016


29. sep. 2016 kl. 18.18 skrev Ron Garret <ron at flownet.com>:
> Possible bug #1 is that openssl does not detect weak DSA keys.  This is clearly the case.  But I would say that this is not a particularly serious problem, and it’s not particularly hard to fix (assuming anyone actually cares).

These keys aren’t weak, they are invalid. The parameters used are not according to the standard.

Verifying the parameters is somewhat expensive (should be about the same cost as generating a signature, and half the cost of verifying a signature). It is not immediately obvious that it makes sense to verify these parameters all the time in a TLS context. The CA should probably verify them before it vouches for the key.

-- 
Kristian Gjøsteen



More information about the cryptography mailing list