[Cryptography] Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Kristian Gjøsteen kristian.gjosteen at math.ntnu.no
Fri Sep 30 02:41:57 EDT 2016


On 30 Sep 2016, at 08:06, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> I think a check for validity is pretty trivial.  Or at least detecting an
> obviously-invalid key like this is pretty trivial.

For this particular key, yes. But you can probably do similar attacks with keys that superficially look ok. If you want to detect invalid keys, you really need to verify the order of g (and the primality of p and q, and probably some more stuff). The standard talks about this.

> Before everyone bashes OpenSSL,

As I said, I suspect OpenSSL is doing the right thing by not verifying all the parameters all the time.

-- 
Kristian Gjøsteen
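
The checks named in the message above (primality of p and q, and the order of g), sketched as an added example that is not code from this thread or from OpenSSL. The function names and the toy-sized parameters are assumptions made for illustration, and parameter bit lengths are not checked.

```python
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=40):
    """Miller-Rabin with random bases; never rejects a true prime."""
    if n < 2:
        return False
    for sp in SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        a = 2 + secrets.randbelow(n - 3)  # random base in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a witnesses that n is composite
    return True

def check_dsa_params(p, q, g, y=None):
    """Return the list of problems found; an empty list means all checks passed."""
    problems = []
    if not is_probable_prime(p):
        problems.append("p is not prime")
    if not is_probable_prime(q):
        problems.append("q is not prime")
    if q < 2 or (p - 1) % q != 0:
        problems.append("q does not divide p - 1")
    # g^q = 1 with g != 1 pins the order of g to q only when q is prime,
    # so this test is meaningful only together with the primality checks.
    if not 2 <= g <= p - 1:
        problems.append("g is outside [2, p-1]")
    elif pow(g, q, p) != 1:
        problems.append("g does not have order q")
    if y is not None and (not 2 <= y <= p - 2 or pow(y, q, p) != 1):
        problems.append("public key y is not in the order-q subgroup")
    return problems

if __name__ == "__main__":
    # Constructed toy parameters (far too small for real use): p=23, q=11, g=2.
    print(check_dsa_params(23, 11, 2, y=8))
    print(check_dsa_params(23, 22, 5))
```

With q = 22 the generator test passes for any g, which is why the order check alone is not enough and the primality of q has to be verified as well.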


