Posting the keys/certs for: Two distinct DSA keys sign a file with the same signature. Is this repudiation issue?

Georgi Guninski guninski at guninski.com
Wed Sep 28 07:34:24 PDT 2016


On Wed, Sep 28, 2016 at 12:23:55PM +0300, Georgi Guninski wrote:
> Distinct DSA keys produce valid single signature of single file
> and the x509 certificates from the private keys work on openssl 1.0.2j
> 
> Tested on openssl 1.0.2j (latest and 1.0.1t latest) on Debian 8.
> 
> The keys (also private) are attached.
> 
> Also at http://j.ludost.net/DSA1.tar.gz
>

[this thread is crossposted to Cryptography and Cypherpunks]

Isn't there an RFC or some document which says what checks should be
made?

Last year I bitched:

RFC-2631, fips 186-3 and openssl's implementation of DSA appear broken (and possibly backdoored)

https://j.ludost.net/blog/archives/2015/09/05/rfc-2631_fips_186-3_and_openssls_implementation_of_dsa_appear_broken_and_possibly_backdoored/index.html
https://lists.cpunks.org/pipermail/cypherpunks/2015-September/009007.html
https://lists.cpunks.org/pipermail/cypherpunks/2015-September/024560.html
#^ openssl