[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: SSH keys: DSA vs RSA

On Thu, May 15, 2008 at 05:11:27AM +0200, Goswin von Brederlow wrote:
> The DSA signing uses (secret key + random) in the signature and that
> sum is trivial to compute given the signed message and public key. The
> security of DSA relies solely on the fact that random can't be guessed
> so you can't compute the secret key from the sum.

Actually it uses
(inverse random) * (hash + (secret key) * (number inferred from public key and random)).

> Also if you have 2 messages signed with the same random number you can
> compute the secret key. It is more complicated then this but
> simplified boils down to is computing k given (k + r) * Message1 ==
> Signature1 and (k + r) * Message2 == Signature2.

For the details, since everyone doesn't read Planet Debian:

  http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths

/* Steinar */
-- 
Homepage: http://www.sesse.net/
Reply to: