Somebody claiming to be David Shaw wrote:
> On Jan 4, 2013, at 4:37 PM, Stephen Paul Weber <[email protected]> wrote:
>> Does anyone know what the actual security risk is? Using a weaker checksum obviously makes it easier to forge data, but in this case the data being forged is just the secret parts of a secret key. What are the attack vectors there?
>
> http://eprint.iacr.org/2002/076.pdf
Thanks! That paper implies that both the public *and* private elements must be integrity protected to defeat the attack (depending on algorithm); however, it seems that only the private elements are protected by the SHA-1 under RFC 4880. Was the need to protect the public elements discovered to be unnecessary?
-- 
Stephen Paul Weber, @singpolyma
See <http://singpolyma.net> for how I prefer to be contacted
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
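To make the point of the thread concrete, here is an added Python example (not code from the thread, from GnuPG, or from the cited paper): the RFC 4880 secret-key checks, whether the two-octet sum or the SHA-1, cover only the plaintext secret MPIs, so an altered public parameter passes them unchanged, while an algebraic consistency check between the public and secret parts catches the alteration before the key is used. All key values are tiny constructed numbers, not real keys.

```python
import hashlib
from math import gcd


def encode_mpi(value: int) -> bytes:
    """RFC 4880 section 3.2 MPI: two-octet bit length, then big-endian magnitude."""
    magnitude = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return value.bit_length().to_bytes(2, "big") + magnitude


def secret_material(*mpis: int) -> bytes:
    """Concatenated plaintext secret MPIs, the only bytes the packet checks cover."""
    return b"".join(encode_mpi(m) for m in mpis)


def weak_checksum(material: bytes) -> int:
    """S2K usage 255 style check: 16-bit sum of octets, no tamper resistance."""
    return sum(material) % 65536


def sha1_checksum(material: bytes) -> bytes:
    """S2K usage 254 style check: SHA-1 over the plaintext secret MPIs."""
    return hashlib.sha1(material).digest()


def rsa_consistent(n: int, e: int, d: int, p: int, q: int, u: int) -> bool:
    """Tie the public (n, e) to the secret (d, p, q, u = p^-1 mod q) parts."""
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    return (p * q == n and gcd(e, lam) == 1 and (e * d) % lam == 1
            and (p * u) % q == 1)


def dsa_consistent(p: int, q: int, g: int, y: int, x: int) -> bool:
    """Tie the public (p, q, g, y) to the secret x: g has order q and y = g^x mod p."""
    return 0 < x < q and pow(g, q, p) == 1 and pow(g, x, p) == y


if __name__ == "__main__":
    # Constructed toy RSA key (textbook-sized numbers, not a real key).
    n, e, d, p, q, u = 3233, 17, 2753, 61, 53, 20
    stored = sha1_checksum(secret_material(d, p, q, u))
    # A changed public exponent leaves the secret-part hash untouched...
    assert sha1_checksum(secret_material(d, p, q, u)) == stored
    # ...so only the algebraic check notices that (n, e) no longer match.
    print("RSA intact:", rsa_consistent(n, e, d, p, q, u))        # True
    print("RSA tampered e:", rsa_consistent(n, 19, d, p, q, u))   # False
    # Constructed toy DSA key: p=23, q=11, g=4 (order 11), x=5, y=4^5 mod 23=12.
    print("DSA intact:", dsa_consistent(23, 11, 4, 12, 5))        # True
    print("DSA tampered g:", dsa_consistent(23, 11, 3, 12, 5))    # False
```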
