Re: attack against ElGamal (and related algorithms)
From: Atom 'Smasher' (ngbz_at_fhfcvpvbhf.bet)
Date: 12/21/03
- Next message: Henrick Hellström: "Re: ECB 1.0 beta 1"
- Previous message: Marcel Martin: "Re: ECB 1.0 beta 1"
- In reply to: Paul Rubin: "Re: attack against ElGamal (and related algorithms)"
- Next in thread: Paul Rubin: "Re: attack against ElGamal (and related algorithms)"
- Reply: Paul Rubin: "Re: attack against ElGamal (and related algorithms)"
- Reply: Tom St Denis: "Re: attack against ElGamal (and related algorithms)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 21 Dec 2003 06:28:21 -0500
> No no, that's a misreading. To get Bob's private key, she'd have to
> modify Bob's copy of PGP to re-use k, and then get Bob to sign two
> different messages with the same k, not modify her own copy. If she
> modifies her own copy as you suggest and then signs multiple messages,
> then she can recover her own private key, but she already knows her
> own private key so doesn't need to recover it.
=====================
the point isn't for Eve to sign anything... the point is that Eve can use a
fixed "k" to encrypt a message using Bob's public key.
the protocol seems to require that a unique "k" is used for each encryption,
or else there's a problem. that problem seems easy to create under
controlled conditions.
atom
- Next message: Henrick Hellström: "Re: ECB 1.0 beta 1"
- Previous message: Marcel Martin: "Re: ECB 1.0 beta 1"
- In reply to: Paul Rubin: "Re: attack against ElGamal (and related algorithms)"
- Next in thread: Paul Rubin: "Re: attack against ElGamal (and related algorithms)"
- Reply: Paul Rubin: "Re: attack against ElGamal (and related algorithms)"
- Reply: Tom St Denis: "Re: attack against ElGamal (and related algorithms)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
