Full Disclosure mailing list archives
Re: stealing ssh keys
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 26 Oct 2012 16:31:34 -0400
On Fri, Oct 26, 2012 at 3:58 PM, Thor (Hammer of God) <thor () hammerofgod com> wrote:
Actually, the DSA key is used to sign the message in many applications, though I've often wondered exactly what reduction in security exists if the paired private key is used to sign material instead. Do you have any info on that? I've asked industry leaders in crypto, and while they report it should be avoided, I've never received any quantified answer.
The place to ask is http://lists.randombit.net/mailman/listinfo/cryptography or sci.crypt. sic.crypt is a cesspool, and you will have to wade through the spam. Private keys always sign. Perhaps you meant the public key? Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- stealing ssh keys Daniel Sichel (Oct 23)
- Re: stealing ssh keys Jacqui Caren (Oct 24)
- Re: stealing ssh keys Thor (Hammer of God) (Oct 24)
- Re: stealing ssh keys Raj Mathur (राज माथुर) (Oct 24)
- Re: stealing ssh keys Thor (Hammer of God) (Oct 24)
- <Possible follow-ups>
- Re: stealing ssh keys Ivaylo Hubanov (Oct 26)
- Re: stealing ssh keys Thor (Hammer of God) (Oct 26)
- Re: stealing ssh keys Jeffrey Walton (Oct 26)
- Re: stealing ssh keys Raj Mathur (राज माथुर) (Oct 26)
- Re: stealing ssh keys gold flake (Oct 29)
- Re: stealing ssh keys Jeffrey Walton (Oct 29)
- Re: stealing ssh keys Thor (Hammer of God) (Oct 26)
- Re: stealing ssh keys Jacqui Caren (Oct 24)