On 28 Dec 2005, at 9:33 AM, Daniel A. Nagy wrote:
> No, this is, unfortunately, not the case, as only the secret material is
> hashed. In the Klima-Rosa attack, the secret material is not touched; it is
> the public material that is altered.

Not as I understand it.
The point of the Klima-Rosa attack is that you damage the private
key, and persuade someone to sign something with the damaged key. You
use that bogus signature to deduce things about the private key.
I don't understand how you can have an attack on signatures that
involves only damaging the public key. That would mean that anyone
can do this, as public keys are, well, public.
However, it's been years since I've looked at this. As David Shaw
said, the tag 254 s2k exists to handle this attack. If I'm missing
something or have forgotten something, please explain it to me.
Jon