DSA broken?

Nikos Mavroyanopoulos nmav at hellug.gr
Sat Feb 10 09:56:01 EET 2001


from flash.gr:

 http://tech.flash.gr/technical/bugs/2001/2/6/2974id/

It simply says there that DSA has problems with the random number
generator it uses, without mentioning anything specific, and it gives
no link for further information.

The fact that DSA does NOT have a random number generator as part of
the algorithm made me look into the matter further...

Here is what I found:
>> Forum: jyu.ohjelmointi.coderpunks
Subject: Re: Has DSA been compromised?
Date: 02/07/2001
Author: Peter Gutmann <pgut001 at cs.auckland.ac.nz>

Alex Alten <Alten at home.com> writes:
 
>Given that NSA will be fixing it, does this affect any standards that require
>its usage?  In particular I'm thinking of the ebXML use of the XML digital
>standard. Should we support RSA only signatures until the revision to DSA is
>released?
 
The press release doesn't give too much technical detail but it looks like the weakness is in the FIPS 186 PRNG, in which case it's only going to affect a fully FIPS 186-compliant DSA (there are both DES-based and SHA1-based generators in the standard and the attack may only affect one of the two, in addition you're also allowed an X9.17-based generator if you can convince whoever's checking the checkboxes of it and that may not be affected either). Many implementations won't use the FIPS 186 generator(s), either because the implementor already has a perfectly good generator available or because they don't trust the design of the FIPS generators (they're way too simple and rather brittle).  These implementations won't be affected.
 
(This leads to the rather odd situation where most (all?) of the freely-available crypto libraries and toolkits are fine, and all the officially-approved, certified ones are broken).
 
Peter.


-- 
Nikos Mavroyanopoulos
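The thread never says what the FIPS 186 PRNG weakness actually was; the defect Bleichenbacher reported is that the generator's 160-bit output was reduced modulo the 160-bit q, so the low residues of the per-message secret k are twice as likely as the rest. The example below is added here (not from the thread or from any of the libraries mentioned): it computes that bias exactly, confirms it by enumeration on toy sizes, and shows how drawing 64 extra bits before the reduction, as later FIPS 186 revisions do, shrinks it; q_demo is a constructed stand-in, not a real DSA parameter.

```python
"""Nonce bias from reducing a fixed-width PRNG output modulo q (DSA's k)."""
from collections import Counter
from fractions import Fraction
from math import log2


def reduction_bias(out_bits: int, modulus: int) -> Fraction:
    """Exact ratio P(most likely residue) / P(least likely residue) when a
    uniform out_bits-bit value is reduced modulo `modulus`.
    Residues below (2**out_bits % modulus) are hit one extra time."""
    space = 1 << out_bits
    full_wraps, leftover = divmod(space, modulus)
    if leftover == 0:
        return Fraction(1)          # modulus divides the space: no bias
    return Fraction(full_wraps + 1, full_wraps)


def fips186_1994_k_bias(q: int) -> Fraction:
    """Original FIPS 186: k = G(...) mod q, where G emits 160 bits and q is a
    160-bit prime, so output width equals modulus width (one 'wrap')."""
    return reduction_bias(160, q)


def fips186_extra_bits_k_bias(q: int, extra: int = 64) -> Fraction:
    """Later FIPS 186 'extra random bits' method: draw N+64 bits and set
    k = (c mod (q-1)) + 1; the wrap-around excess is spread over ~2**64 wraps."""
    return reduction_bias(q.bit_length() + extra, q - 1)


def enumerate_residues(out_bits: int, modulus: int) -> Counter:
    """Brute-force check of reduction_bias for toy sizes: reduce every
    possible PRNG output and count how often each residue appears."""
    return Counter(r % modulus for r in range(1 << out_bits))


if __name__ == "__main__":
    # Constructed toy case: a 4-bit "PRNG" reduced modulo the 4-bit value 11.
    counts = enumerate_residues(4, 11)
    print(sorted(counts.items()))        # residues 0..4 twice, 5..10 once
    print(reduction_bias(4, 11))         # 2
    # Constructed 160-bit odd value standing in for q (NOT a real DSA parameter).
    q_demo = (1 << 159) | 12345
    print(fips186_1994_k_bias(q_demo))   # 2: k < 2**160 - q is twice as likely
    excess = fips186_extra_bits_k_bias(q_demo) - 1
    print(-log2(excess.denominator))     # about -65: bias now around 2**-65
```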



