Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: stealing ssh keys
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 26 Oct 2012 16:31:34 -0400

On Fri, Oct 26, 2012 at 3:58 PM, Thor (Hammer of God)
<thor () hammerofgod com> wrote:
Actually, the DSA key is used to sign the message in many applications,
though I've often wondered exactly what reduction in security exists if the
paired private key is used to sign material instead. Do you have any info on
that?  I've asked industry leaders in crypto, and while they report it
should be avoided, I've never received any quantified answer.

The place to ask is
http://lists.randombit.net/mailman/listinfo/cryptography or sci.crypt.
sic.crypt is a cesspool, and you will have to wade through the spam.

Private keys always sign. Perhaps you meant the public key?


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]