RSA/DSA questions

Damian Gerow dgerow at afflictions.org
Fri May 23 12:17:05 PDT 2003


Thus spake Dave Howe (DaveHowe at gmx.co.uk) [23/05/03 14:54]:
> Damian Gerow wrote:
> >     "For this reason we now believe PuTTY's DSA implementation is
> >     probably OK. However, if you have the choice, we still recommend
> >     you use RSA instead."
> Indeed so - but saying that (in their opinion) RSA IS implemented better and
> more securely in puTTY than DSA can hardly be the same as saying DSA should
> be avoided. As I understand it, the problem with DSA is that it is *very*

And the context of what I was talking about was PuTTY.

> dependent on the random number being random (collisions leading to
> weaknesses) - and everyone knows that Windows is bad at RNG. What (as I
> understand it) the new PuTTY scheme does is use the secret key to obfuscate the
> random value a little - hashing it with both the private key and the hash of
> the message being signed - hoping to pull enough entropy out of those two to
> reduce the possibility of discovery of the random value due to it being
> limited to a subset of the "range" it should have. Obviously, this approach
> won't produce gold from straw - you still have a limited set of possible
> values - but it should distribute them evenly across the range in a
> key-dependent manner, so that knowledge of the limited possible values would
> have to be per-key or involve knowledge of the private key (which is a
> game-over scenario anyhow)
> so my understanding of the above warning is that the games PuTTY plays with
> the keyspace is *probably* enough to fix the lousy randomness of the Windows
> platform - but they recommend that you use RSA where the randomness of a
> prng is not an issue.

Alrighty, that makes more sense.  Thanks.





More information about the cypherpunks-legacy mailing list