
respect due to anonymous (Re: CHALLENGE response (fwd))

Jim Choate writes:
> Anonymous writes:
> > Subject: CHALLENGE response (fwd)
> 
> > The whole point of the CHALLENGE response went straight over his head,
> > didn't it? 
> 
> It didn't go over my head at all. What amazes me is that it took you this
> long to figure out that one could munge signatures.

Munge signatures!?  He generated an RSA key pair to match the
pre-published signature based on generating primes of special form
and/or using multiple smaller primes to construct an n which he could
perform discrete logs in (plus a dead beef attack), and all you can
say is the above.  You should take your hat off to anonymous.

> > No longer can you assume that just because you posted a signed message
> > on a certain date, and you hold the public key which signed that message,
> > that you can later prove authorship.  It challenges some of the implicit
> > assumptions which have been made in using public key cryptography.
> 
> No, it challenges basic assumptions regarding the importance of identity.
> In no way does it affect the basic math of crypto, public or otherwise.

It affects crypto: it means that one published signature is
not sufficient to provide a provable relationship between a signed
message and a public key.  You have to provide two signatures.

For example, anonymous provided three signatures which check with that
key (one is a self-sig on the key).  Therefore it is not possible for
someone to do the same attack again against his published signatures:
they could match any one of the signatures, but no more.

It may even be that there exist crypto protocols affected by this.

Adam
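As an added illustration (not part of the thread), here are the two checks a verifier can apply before accepting that a public key is the one behind a previously published signature: reject a modulus with small prime factors (the structure the attack above depends on, since discrete logs are easy in such an n) and require the key to verify more than one signature. The trial-division bound and the toy RSA key values used below are constructed for the demo, not taken from the thread.

```python
# Added example: defender-side checks against a key built to "match" one
# published signature. A genuine RSA modulus is a product of two large primes
# and has no small factors; a modulus assembled from small primes always does.

def small_primes(bound):
    """Primes below `bound`, by a sieve of Eratosthenes."""
    sieve = bytearray([1]) * bound
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(bound ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(sieve[i * i::i]))
    return [i for i, is_prime in enumerate(sieve) if is_prime]

def trial_factor(n, bound):
    """Divide out every prime below `bound`; return (factors_found, cofactor)."""
    factors = []
    for p in small_primes(bound):
        while n % p == 0:
            factors.append(p)
            n //= p
    return factors, n

def modulus_is_suspect(n, bound):
    """True if n has any prime factor below `bound` (toy bound; in practice use a
    large one). Such a modulus is not a real two-prime RSA key."""
    factors, _ = trial_factor(n, bound)
    return bool(factors)

def rsa_sign(n, d, digest):
    """Textbook RSA signature on an integer digest < n (toy; no padding)."""
    return pow(digest, d, n)

def rsa_verify(n, e, sig, digest):
    """Textbook RSA check: sig^e mod n == digest."""
    return pow(sig, e, n) == digest

def key_binds_signatures(n, e, pairs, bound):
    """Accept the key as the author's only if the modulus looks genuine AND it
    verifies at least two independent (digest, signature) pairs, which is the
    point made in the reply above: one matched signature proves nothing."""
    if modulus_is_suspect(n, bound):
        return False
    if len(pairs) < 2:
        return False
    return all(rsa_verify(n, e, sig, digest) for digest, sig in pairs)

if __name__ == "__main__":
    # Constructed toy key: p=61, q=53, n=3233, e=17, d=2753.
    n, e, d = 3233, 17, 2753
    pairs = [(65, rsa_sign(n, d, 65)), (1234, rsa_sign(n, d, 1234))]
    print(key_binds_signatures(n, e, pairs, bound=50))          # True
    print(key_binds_signatures(3 * 5 * 7 * 11 * 13, e, pairs, 50))  # False: smooth n
```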