Enzo Michelangeli (em@who.net)
Tue, 28 Jul 1998 15:07:00 +0800
-----Original Message-----
From: Julian Assange <proff@iq.org>
Date: Tuesday, July 28, 1998 1:52 PM
>"Perry E. Metzger" <perry@piermont.com> writes:
[...]
>> Well, there is a *known* problem with the DSA -- if I am not mistaken,
>> it has the "subliminal channel" problem. (Am I correct on this?)
>>
>> Perry
>
>It certainly isn't alone in this. Most public signature schemes, with the
>exception of RSA, have some form of subliminal channel. Further, recent
>papers suggest that DSA was strengthened against subliminal channels -
>they're still there, but they could have been worse.
In any case, if you can inspect the source code you may make sure that the
channel is not exploited.
>DSA authenticated DH is a good patent free substitute for RSA.
At least, if you don't listen to Prof. Schnorr (see, e.g.,
http://grouper.ieee.org/groups/1363/letters/SchnorrMar98Study.ps). NIST
itself doesn't give any guarantee on that thorny issue.
Enzo
The following archive was created by hippie-mail 7.98617-22 on Fri Aug 21 1998 - 17:20:58 ADT