Looks like Motorola made a similar mistake to Sony in their digital signatures:

http://nenolod.net/~nenolod/sholes-keyleak-explained.html

The description is a bit confusing (did they really use Elgamal signatures rather than, say, DSA?), but it's basically the same thing Sony did. If they used actual Elgamal sigs, though, they went even further than Sony: along with rolling their own broken crypto implementation, they also decided to go their own way with the signature scheme they used.

As I've said a number of times before:

In practice you don't need to know all the gory details of encryption modes and IVs and other cryptoplumbing, you just need to make sure that you apply the right tool for the job. The right tool for fixing a blocked drain is a plumber, and the right tool for dealing with problems requiring cryptography is a security library written by someone who knows what they're doing.

Or to quote Bruce: "anyone who creates his or her own cryptographic primitives is either a genius or a fool. Given the genius/fool ratio for our species, the odds aren't very good".

Peter.

----- End forwarded message -----
--
Eugen* Leitl http://leitl.org