On Thu, May 15, 2008 at 05:11:27AM +0200, Goswin von Brederlow wrote: > The DSA signing uses (secret key + random) in the signature and that > sum is trivial to compute given the signed message and public key. The > security of DSA relies solely on the fact that random can't be guessed > so you can't compute the secret key from the sum.
Actually it uses (inverse random) * (hash + (secret key) * (number inferred from public key and random)). > Also if you have 2 messages signed with the same random number you can > compute the secret key. It is more complicated then this but > simplified boils down to is computing k given (k + r) * Message1 == > Signature1 and (k + r) * Message2 == Signature2. For the details, since everyone doesn't read Planet Debian: http://blog.sesse.net/blog/tech/2008-05-14-17-21_some_maths /* Steinar */ -- Homepage: http://www.sesse.net/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
