|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Alex Alten (Alten
home.com)Date: Wed Feb 07 2001 - 02:56:26 CST
At 12:35 AM 2/7/2001 -0800, Wei Dai wrote:
>
>Considering this attack, I get the feeling that DSA is very fragile
>compared to RSA. With DSA you really need a good RNG for every message you
>sign. A single signature produced with a faulty RNG can reveal the entire
>private key to an attacker. Or a slight weakness in the RNG, which might
>not be significant in other applications, even including key generation,
>can cause the private key to be progressively revealed. I think this needs
>to be noted in descriptions of DSA and taken into account when comparing
>between DSA and other signature schemes. Everything in this paragraph
>about DSA probably also applies to other ElGamal-type signature schemes
>like ECDSA and Nyberg-Rueppel.
>
This sounds like DSA's epitaph. - Alex
--Alex Alten
Alten
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]