[cryptography] Another signature-scheme blunder

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Mar 21 05:32:11 PDT 2011

Looks like Motorola made a similar mistake to Sony in their digital


The description is a bit confusing (did they really use Elgamal signatures
rather than, say, DSA?), but it's basically the same thing Sony did.  If they
used actual Elgamal sigs though they went even further than Sony, along with
rolling their own broken crypto implementation they also decided to go their
own way with the signature scheme they used.  As I've said a number of times

  In practice you don.t need to know all the gory details of encryption modes
  and IVs and other cryptoplumbing, you just need to make sure that you apply
  the right tool for the job.  The right tool for fixing a blocked drain is a
  plumber, and the right tool for dealing with problems requiring cryptography
  is a security library written by someone who knows what they.re doing.

Or to quote Bruce:

  "anyone who creates his or her own cryptographic primitives is either a
  genius or a fool.  Given the genius/fool ratio for out species, the odds
  aren't very good".


cryptography mailing list
cryptography at randombit.net

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list