According to CNN, Daniel Bleichenbacher has found a flaw in the NIST-standard Digital Signature Algorithm. See http://www.cnn.com/2001/TECH/internet/02/06/DSA.flaw.idg/index.html for some details. Bleichenbacher says that he'll be presenting the paper at Eurocrypt; it is not yet publicly available. The attack is quite expensive; it requires O(2^64) operations, several terabytes of memory, and 2^22 signed messages. --Steve Bellovin, http://www.research.att.com/~smb
