Two distinct DSA keys sign a file with the same signature. Is this a repudiation issue?

Sean Lynch seanl at literati.org
Tue Sep 27 07:43:48 PDT 2016


On Tue, Sep 27, 2016, 02:44 Georgi Guninski <guninski at guninski.com> wrote:

> Two distinct DSA keys sign a file with the same signature. Is this
> a repudiation issue?
>
> I have two distinct DSA keys k_1 and k_2, p_i are distinct 1024-bit
> primes and q_i are 160-bit primes (they can easily be made larger).
> The other parameters of the keys are distinct, counting congruences.
>
> On openssl 1.0.1t they produce exactly the same signature on a file:
>
> $ openssl dgst -sha1 -verify key1.pub -signature file.txt.sig file.txt ;
> openssl dgst -sha1 -verify key2.pub -signature file.txt.sig file.txt
> Verified OK
> Verified OK
>
> In addition I created with them two valid self signed x509 certificates.
>
> The key owners can claim the other one made the signature,
> which appears to be a crypto repudiation issue.
>
> How to try the signatures in other scenarios?
>
> Is this known?
>
> Is this a theoretical weakness in openssl 1.0.1t?
>
> Is this a bug at all?
>

I think the bug is that openssl is silently ignoring parameters, because
I'm pretty sure what you're doing is producing and verifying sha1 hashes,
not cryptographic signatures. Which means your keys aren't entering the
picture at all.
I

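A worked reconstruction of the effect Georgi describes, added here as an example and not code from either poster: a pure-Python DSA that signs a constructed message under one key, then derives a second, distinct key (different generator, private and public key) under which the very same (r, s) verifies. This is the duplicate-signature key-selection construction of Blake-Wilson and Menezes; it keeps p and q shared between the two keys, whereas Georgi's keys differ even in p and q, so what follows is the simpler variant. It also checks that an unrelated signature by the first key does not verify under the second, i.e. the public key really does enter the verification. The parameter sizes (32-bit q, roughly 64-bit p), the fixed RNG seed and the sample message are assumptions of the example chosen so it runs offline in a second; none of them is a secure choice.

```python
"""DSA duplicate-signature key selection, toy sizes (constructed example)."""
import hashlib
import random

rng = random.Random(2016)  # fixed seed: reproducible, NOT for real keys


def is_probable_prime(n):
    """Miller-Rabin with bases that are deterministic below 2**64."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_params(qbits=32, pbits=64):
    """Toy DSA domain parameters (p, q, g) with q | p-1 and g of order q."""
    while True:
        q = rng.getrandbits(qbits) | (1 << (qbits - 1)) | 1
        if is_probable_prime(q):
            break
    while True:
        k = rng.getrandbits(pbits - qbits) | (1 << (pbits - qbits - 1))
        p = k * q + 1
        if is_probable_prime(p):
            break
    while True:
        h = rng.randrange(2, p - 1)
        g = pow(h, (p - 1) // q, p)
        if g != 1:
            return p, q, g


def keygen(p, q, g):
    x = rng.randrange(1, q)
    return x, pow(g, x, p)


def hash_int(msg, q):
    """SHA-1 of msg, truncated to the leftmost bit_length(q) bits (FIPS 186 rule)."""
    digest = hashlib.sha1(msg).digest()
    h = int.from_bytes(digest, "big")
    excess = 8 * len(digest) - q.bit_length()
    return h >> excess if excess > 0 else h


def sign(params, x, msg):
    p, q, g = params
    h = hash_int(msg, q)
    while True:
        k = rng.randrange(1, q)
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = pow(k, -1, q) * (h + x * r) % q
        if s != 0:
            return r, s


def verify(params, y, msg, sig):
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1 = hash_int(msg, q) * w % q
    u2 = r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r


def duplicate_key(params, y, msg, sig):
    """Given a valid (r, s) under (p, q, g, y), build (p, q, g2) and x2, y2
    so that the identical (r, s) verifies under y2 (Blake-Wilson/Menezes)."""
    p, q, g = params
    r, s = sig
    w = pow(s, -1, q)
    u1 = hash_int(msg, q) * w % q
    u2 = r * w % q
    t = pow(g, u1, p) * pow(y, u2, p) % p  # verifier's value; t mod q == r
    while True:
        x2 = rng.randrange(1, q)
        e = (u1 + x2 * u2) % q
        if e != 0:
            break
    g2 = pow(t, pow(e, -1, q), p)  # g2**e == t, t lies in the order-q subgroup
    y2 = pow(g2, x2, p)             # so g2**u1 * y2**u2 == t and reduces to r
    return (p, q, g2), x2, y2


def demo(msg=b"file.txt contents (constructed sample)"):
    params = gen_params()
    x1, y1 = keygen(*params)
    sig = sign(params, x1, msg)
    params2, x2, y2 = duplicate_key(params, y1, msg, sig)
    other = b"a different message"
    return {
        "orig_ok": verify(params, y1, msg, sig),          # True
        "dup_ok": verify(params2, y2, msg, sig),          # True: same (r, s)
        "keys_differ": params2 != params and x1 != x2 and y1 != y2,
        "cross_ok": verify(params2, y2, other, sign(params, x1, other)),  # False
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The second key is a fully functional DSA key pair, so its owner can sign other files with it; only the one pre-chosen (r, s) is shared, and a verifier who trusts both public keys cannot tell from the signature alone which owner produced it. What the construction does not let the second owner do is forge new signatures with the first key, which is why the literature files it under repudiation and unknown-key-share rather than key recovery.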

