> On Thu, 01 Sep 2005 15:04:43 +0200, Simon Josefsson said:
>
>> If you control the random number generator, you control which
>> Miller-Rabin bases are used too.
>
> Oh well, if you are able to do this you have far easier ways of
> compromising the security. Tricking the RNG to issue the same number
> to requests for the secret exponent of a DSA sign operation seems to
> be easier.

I agree. Either assume that the code on the PC is valid, or don't. If
you don't, anything can have a back door in it, the encryption or
signature code, the Miller-Rabin test, the RNG, the encoding scheme
you use, etc.

--Anton

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
