On Mon, 1 Dec 2003 11:20:10 -0800, Anton Stiglic said:

> From: "Ralf Senderek" <[EMAIL PROTECTED]>
> Maybe we can learn that code re-use is tricky in cryptography: indeed, if
> the signing function and encryption function did not use the same gen_k
> function, the author of the code would have done the optimization that

But duplicates the lines of code and thus introduces another source of
errors. It's hard to tell what's better. Given that the algorithms for
signing and encryption are really different (compared to RSA), it might
have been better to use separate source files for ElGamal-signing and
ElGamal-encryption and not view them as similar.

> g = 2 is safe but insecure for signatures... It's just simpler to have two
> distinct pairs of keys.

Sure, that's what OpenPGP strongly suggests. However, ElGamal signing
stems from a time before OpenPGP when I tried to replace RSA by ElGamal
while keeping most of the PGP2 format (rfc1991) in place.

> By the way, is the paper by Phong Q. Nguyen describing the vulnerability
> available somewhere? Or maybe someone could describe the cryptanalysis

I don't know, please ask him. Phong dot Nguyen at ens.fr.

Werner

--
Werner Koch <[EMAIL PROTECTED]>
The GnuPG Experts                  http://g10code.com
Free Software Foundation Europe    http://fsfeurope.org

---------------------------------------------------------------------
The Cryptography Mailing List
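
Added example, not GnuPG's code and not part of the original message: a toy ElGamal in Python that keeps one nonce generator per operation, showing that signing and encryption place different requirements on k. The group parameters P and G and the function names gen_k_encrypt, gen_k_sign, keygen, encrypt, decrypt, sign and verify are assumptions constructed for illustration.

```python
import math
import secrets

# Constructed toy group, far too small for real use: p = 2*233 + 1, g = 5.
P, G = 467, 5

def gen_k_encrypt():
    # Encryption only needs an unpredictable exponent in [1, p-2].
    return secrets.randbelow(P - 2) + 1

def gen_k_sign():
    # Signing inverts k modulo p-1, so k must also be coprime to p-1.
    while True:
        k = secrets.randbelow(P - 3) + 2          # range [2, p-2]
        if math.gcd(k, P - 1) == 1:
            return k

def keygen():
    x = secrets.randbelow(P - 3) + 2              # private exponent
    return x, pow(G, x, P)                        # (private, public)

def encrypt(y, m):
    k = gen_k_encrypt()
    return pow(G, k, P), (m * pow(y, k, P)) % P

def decrypt(x, a, b):
    # a^(p-1-x) equals a^(-x) mod p, which strips the y^k mask.
    return (b * pow(a, P - 1 - x, P)) % P

def sign(x, h):
    while True:
        k = gen_k_sign()
        r = pow(G, k, P)
        s = ((h - x * r) * pow(k, -1, P - 1)) % (P - 1)
        if s != 0:                                # retry on degenerate s
            return r, s

def verify(y, h, r, s):
    # Range checks come first: out-of-range r or s must be rejected.
    if not (0 < r < P and 0 < s < P - 1):
        return False
    return (pow(y, r, P) * pow(r, s, P)) % P == pow(G, h, P)
```

With one shared generator, any change made for the benefit of one operation silently applies to the other; here each constraint lives next to the operation that needs it.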