OSEC

From: Rosa Tomas (t.rosadecros.cz)
Date: Thu Apr 12 2001 - 03:49:35 CDT

    Dear Mr. Grabbe,
    thank you for your interest in our work. Your comment and program are both
    excellent.

    What we would like to ask about is your warning about error(s) in our paper
    in Figure 3. We have checked our algorithm once again and we didn't find any
    bug there. Moreover, our technician has written a program used to test our
    attack just in the way according to Figure 3. And it worked.

    The one and only thing that could be misleading is at line 4. Note that the
    command r = r*f mod p belongs only to the else-part of the if-then-else
    statement.
    Line 4 in our Figure 3 is
    if (y=1) then wi=0 else wi=1; r=r*f mod p
    Because it is pseudocode and it is on one line, it is read as if (y=1) then
    wi=0 else {wi=1; r=r*f mod p}. It is explained in our article, too.
    You wrote the loop for(i=1;i<=151;i++) correctly without our condition
    if-then-else and in fact you do r=r*f every time. But in the case wi=0 it
    holds in your program that f=1, thus r=r*f is not necessary to compute.

    We would very much appreciate some other comments on our algorithm. And we
    are pleased that you implemented it and acknowledged it independently. Thank
    you very much for your work.

    Note that we did not publish the implementation of the algorithm, to give
    NAI the time to release the patch.

    According to page 4 of your web paper, we also note that we will release
    the updated version of our paper soon. It will include a slight
    modification of the attack on DSA, which allows us to use the p' of proper
    length (e.g. 512-1024 bits; from the mathematical point of view this
    modification is not very hard, but practically it seems to be useful).

    With best regards,
    Tomas Rosa and Vlastimil Klima

    -----Original Message-----
    From: orlingrabbe [mailto:orlingrabbeorlingrabbe.com]
    Sent: Wednesday, April 11, 2001 2:08 AM
    To: coderpunkstoad.com
    Subject: Java cryptanalysis program: the DSA flaw in OpenPGP

    I have written a Java cryptanalysis program and article
    for the Laissez Faire City Times regarding the recently
    announced DSA flaw in OpenPGP. The program does the
    calculations to back out the (secret) private key.

    An advance copy of the article and program is available
    at

    http://orlingrabbe.org/lfctimes/DSAflaw_OpenPGP.htm

    Cheers,

    Orlin