Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)

To: debian-devel@lists.debian.org
Subject: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>
Date: Wed, 14 May 2008 23:25:49 +0000
Message-id: <[🔎] 20080514232549.GB4481@crustytoothpaste.ath.cx>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20080514231226.GA4481@crustytoothpaste.ath.cx>
References: <87skwkg97p.fsf@mirexpress.internal.placard.fr.eu.org> <[🔎] 87skwky1vb.fsf@benfinney.id.au> <[🔎] 20080514231226.GA4481@crustytoothpaste.ath.cx>

On Wed, May 14, 2008 at 11:12:26PM +0000, brian m. carlson wrote:

Also, DSA absolutely requires a good random
number generator for every signature.  If the nonce is not chosen
randomly, it will leak bits of the key.  This is true for all discrete
logarithm algorithms.  Therefore, anyone who had a DSA key has had it
compromised, and RSA is just as good a choice for a new key.


I apologize.  Using the same nonce more than once or revealing the nonce
does not leak bits of the key; it immediately and trivially reveals the
private key.  See Applied Cryptography, page 492.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 713 440 7475 | http://crustytoothpaste.ath.cx/~bmc | My opinion only
troff on top of XML: http://crustytoothpaste.ath.cx/~bmc/code/thwack
OpenPGP: RSA v4 4096b 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: Ben Finney <bignose+hates-spam@benfinney.id.au>
- Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
  - From: "brian m. carlson" <sandals@crustytoothpaste.ath.cx>

Prev by Date: Re: SAGE packages for Debian
Next by Date: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Previous by thread: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Next by thread: Re: SSH keys: DSA vs RSA (was: Alioth and SSH: restored)
Index(es):
- Date
- Thread