mailing list archives
Re: stealing ssh keys
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 26 Oct 2012 16:31:34 -0400
On Fri, Oct 26, 2012 at 3:58 PM, Thor (Hammer of God)
<thor () hammerofgod com> wrote:
Actually, the DSA key is used to sign the message in many applications,
though I've often wondered exactly what reduction in security exists if the
paired private key is used to sign material instead. Do you have any info on
that? I've asked industry leaders in crypto, and while they report it
should be avoided, I've never received any quantified answer.
The place to ask is
http://lists.randombit.net/mailman/listinfo/cryptography or sci.crypt.
sic.crypt is a cesspool, and you will have to wade through the spam.
Private keys always sign. Perhaps you meant the public key?
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/