[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] stealing ssh keys

To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] stealing ssh keys
From: Jeffrey Walton <noloader@xxxxxxxxx>
Date: Fri, 26 Oct 2012 16:31:34 -0400

On Fri, Oct 26, 2012 at 3:58 PM, Thor (Hammer of God)
<thor@xxxxxxxxxxxxxxx> wrote:
> Actually, the DSA key is used to sign the message in many applications,
> though I've often wondered exactly what reduction in security exists if the
> paired private key is used to sign material instead. Do you have any info on
> that?  I've asked industry leaders in crypto, and while they report it
> should be avoided, I've never received any quantified answer.
>
The place to ask is
http://lists.randombit.net/mailman/listinfo/cryptography or sci.crypt.
sic.crypt is a cesspool, and you will have to wade through the spam.

Private keys always sign. Perhaps you meant the public key?

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] stealing ssh keys
  - From: Ivaylo Hubanov
- Re: [Full-disclosure] stealing ssh keys
  - From: Thor (Hammer of God)

Prev by Date: [Full-disclosure] [SECURITY] [DSA 2568-1] rtfm security update
Next by Date: Re: [Full-disclosure] XSS and IAA vulnerabilities in Wordfence Security for WordPress
Previous by thread: Re: [Full-disclosure] stealing ssh keys
Next by thread: Re: [Full-disclosure] stealing ssh keys
Index(es):
- Date
- Thread