 
Jim Choate writes:
Anonymous writes:
Subject: CHALLENGE response (fwd)
The whole point of the CHALLENGE response went straight over his head, didn't it?
It didn't go over my head at all. What amazes me is that it took you this long to figure out that one could munge signatures.
Munge signatures!? He generated an RSA key pair to match the pre-published signature based on generating primes of special form and/or using multiple smaller primes to construct an n which he could perform discrete logs in (plus a dead beef attack), and all you can say is the above. You should take your hat off to anonymous.
No longer can you assume that just because you posted a signed message on a certain date, and you hold the public key which signed that message, that you can later prove authorship. It challenges some of the implicit assumptions which have been made in using public key cryptography.
No, it challenges basic assumptions regarding the importance of identity. In no way does it affect the basic math of crypto, public or otherwise.
It affects crypto: it means that one published signature is not sufficient to provide a provable relationship between a signed message and a public key. You have to provide two signatures. For example, anonymous provided three signatures which check with that key (one is the self sig on the key). Therefore it is not possible for someone to do the same attack again against his published signatures: they could match any one of the signatures, but no more. It may even be that there exist crypto protocols affected by this.
Adam
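Adam's point above (a key fitted to one published signature will not also fit the signer's other signatures) as an added toy example, not code from the thread: an honest signer with a constructed 43*47 key signs three messages, a second key is fitted to the first signature alone by brute-force search over tiny primes (the "n you can do discrete logs in" effect at toy scale), and checking all three signatures against that key exposes the substitution. All numbers, the toy hash and the message strings are constructed and insecure.

```python
from itertools import combinations
from math import gcd


def toy_hash(msg: bytes, bound: int) -> int:
    """Constructed stand-in for a hash, mapped into [2, bound-1]; not secure."""
    h = 0
    for b in msg:
        h = (h * 257 + b) % bound
    return 2 + h % (bound - 2)


def rsa_sign(h: int, d: int, n: int) -> int:
    return pow(h, d, n)


def rsa_verify(h: int, s: int, e: int, n: int) -> bool:
    return pow(s, e, n) == h


def key_matching_signature(s: int, h: int, primes):
    """Search toy primes for a key (n, e, d) with s**e == h (mod n), i.e. a
    second public key under which the same signature verifies. The exponent
    is found by brute force, which only works because the primes are tiny."""
    for p, q in combinations(primes, 2):
        n, phi = p * q, (p - 1) * (q - 1)
        if n <= max(s, h):          # s and h must be residues mod the new n
            continue
        x = 1
        for e in range(1, phi):     # x tracks s**e mod n
            x = x * s % n
            if x == h and gcd(e, phi) == 1:
                return n, e, pow(e, -1, phi)
    return None


def demo():
    # Honest signer: constructed toy key n = 43 * 47, three signed messages.
    p, q, e = 43, 47, 5
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    msgs = [b"challenge: I am the author", b"second message", b"self-signature"]
    sigs = [(toy_hash(m, n), rsa_sign(toy_hash(m, n), d, n)) for m in msgs]
    # A key is fitted to the first published (hash, signature) pair only.
    primes = [k for k in range(53, 150) if all(k % f for f in range(2, int(k ** 0.5) + 1))]
    n2, e2, _d2 = key_matching_signature(sigs[0][1], sigs[0][0], primes)
    return {
        "honest_all": all(rsa_verify(h, s, e, n) for h, s in sigs),
        "forged_first": rsa_verify(sigs[0][0], sigs[0][1], e2, n2),
        "forged_all": all(rsa_verify(h, s, e2, n2) for h, s in sigs),
    }
```

The fitted key verifies the first signature but fails the other two, which is why publishing several signatures under one key defeats the trick.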