Debian-news is about one simple thing - news about Debian GNU/Linux and the top free distributions based on Debian GNU/Linux.


The Debian PGP disaster that almost was

A year ago, I wrote about the Debian OpenSSL PRNG bug that reduced the entropy of its random seed to 15 bits. There was a little-noticed part of the advisory that said all DSA keys used on the affected systems should be considered compromised. More here

DSA is a public-key signature algorithm. Unlike RSA, it isn’t useful for encryption or key exchange. Like other public key algorithms, it is extremely sensitive to the choice of parameters. I’ve written about RSA signature flaws (1, 2, 3) that resulted from too much ambiguity in how a signature verify operation was interpreted.

No Response to “The Debian PGP disaster that almost was” »

No comments yet.

RSS feed for comments on this post.

Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *


Debian-News is not related to the Debian Project.
All logos and trademarks on this site are property of their respective owners.