Full Disclosure mailing list archives

Re: stealing ssh keys

From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 26 Oct 2012 16:31:34 -0400

On Fri, Oct 26, 2012 at 3:58 PM, Thor (Hammer of God)
<thor () hammerofgod com> wrote:

Actually, the DSA key is used to sign the message in many applications,
though I've often wondered exactly what reduction in security exists if the
paired private key is used to sign material instead. Do you have any info on
that?  I've asked industry leaders in crypto, and while they report it
should be avoided, I've never received any quantified answer.

The place to ask is
http://lists.randombit.net/mailman/listinfo/cryptography or sci.crypt.
sic.crypt is a cesspool, and you will have to wade through the spam.

Private keys always sign. Perhaps you meant the public key?

Jeff

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

stealing ssh keys Daniel Sichel (Oct 23)
- Re: stealing ssh keys Jacqui Caren (Oct 24)
  - Re: stealing ssh keys Thor (Hammer of God) (Oct 24)
    - Re: stealing ssh keys Raj Mathur (राज माथुर) (Oct 24)
- <Possible follow-ups>
- Re: stealing ssh keys Ivaylo Hubanov (Oct 26)
  - Re: stealing ssh keys Thor (Hammer of God) (Oct 26)
    - Re: stealing ssh keys Jeffrey Walton (Oct 26)
  - Re: stealing ssh keys Raj Mathur (राज माथुर) (Oct 26)
    - Re: stealing ssh keys gold flake (Oct 29)
    - Re: stealing ssh keys Jeffrey Walton (Oct 29)