Re: Weak keys for ElGamal



Hi,

The very notion of "weak keys" makes no sense, given modern understanding
of confidentiality. Security in crypto is inherently a probabilistic
notion: what are the chances that an adversary guesses the message?
(You can never make that probability exactly zero.)

So could a party by chance (or
intentionally) choose a weak secret key and thereby reduce the security
of the ElGamal scheme?

Those are two different questions.

If one of the parties is malicious, they can just reveal the message
or key, so it doesn't make sense to ask for El Gamal to be secure if
one of the parties is malicious.

As for choosing a weak key by chance, the best way to answer the question
is to unask the question and ask a different one, because weak keys are
not a very relevant concept.
So from a security point of view it doesn't make a difference if I
choose the key randomly or always in a special intervall (but nobody
besides me knows this intervall).

.



Relevant Pages

  • Re: Do PocketPCs need firewalls ?
    ... You seem to be a member of the camp that promotes, "Don't worry about it ... until it proves to be a problem for others, chances are you'll not be in ... false sense of security is worse than none at all. ...
    (microsoft.public.pocketpc)
  • Re: Blowfish Security Questions (Weak Key)
    ... >> If I did somehow pick a weak key, could my ciphertext be broken ... That amount of security is never needed and is often sought by ... secure) and also have access to the F function. ...
    (sci.crypt)
  • Re: Retrieving the COM class factory for component with CLSID ....
    ... Chances are it is a security issue but you'll have to give us more info on ... Retrieving the COM class factory for component with CLSID ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Re[2]: Possible New Security Tool For FreeBSD, Need Your Help.
    ... > CDD> Yeah but Obfuscation PLUS good security does not hurt, ... IMHO the more complicated it gets, the more chances you have, ... There's also the chance that combining two security methods may ...
    (FreeBSD-Security)