On Sat August 23 2008, Jeffrey Ollie wrote:
> 2008/8/23 Axel Thimm <Axel.Thimm(a)atrpms.net>:
> > Have DSA keys now been banned?
> Yes.
> > Why?
> The primary reason is that it's nearly impossible to tell if the key
> was generated on a Debian system with the compromised OpenSSL

This is also true for RSA keys.

> versions. I've heard rumblings that DSA keys are weaker for other
> reasons, but I've not seen any good explanations.

| In addition, any DSA key must be considered compromised if it has been used
| on a machine with a 'bad' OpenSSL. Simply using a 'strong' DSA key (i.e.,
| generated with a 'good' OpenSSL) to make a connection from such a machine
| may have compromised it. This is due to an 'attack' on DSA that allows the
| secret key to be found if the nonce used in the signature is known or
| reused.
http://wiki.debian.org/SSLkeys#head-d841ac769390d013577ce3fd2be24b8cf5a74cfb
If you look at the descriptions of the DSA signing algorithm, e.g. in the
Handbook of Applied Cryptography[1], you notice that there is a random
parameter that is meant to be kept secret.
Regards,
Till
[1] http://www.cacr.math.uwaterloo.ca/hac/about/chap11.pdf
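
Added example, not part of the original message or of the Debian wiki text: the algebra behind the quoted statement that a DSA private key follows from a known or reused nonce, which is why a 'good' key used on a machine with a predictable RNG must be replaced. The parameters are constructed toy values and all function names are illustrative.

```python
import hashlib
from math import isqrt

# Constructed toy parameters, far too small for real use: q = 2^31 - 1,
# p = first prime of the form 2*j*q + 1, g = an element of order q mod p.
def is_prime(n):
    return n > 2 and n % 2 == 1 and all(n % d for d in range(3, isqrt(n) + 1, 2))

Q = 2**31 - 1
P = next(c for j in range(1, 10**6) if is_prime(c := 2 * j * Q + 1))
G = next(g for h in range(2, P) if (g := pow(h, (P - 1) // Q, P)) != 1)

def digest(msg):
    """H(m) reduced mod q."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % Q

def sign(x, msg, k):
    """DSA signature with private key x; k is the per-message secret nonce."""
    r = pow(G, k, P) % Q
    s = pow(k, -1, Q) * (digest(msg) + x * r) % Q
    return r, s

def verify(y, msg, sig):
    r, s = sig
    if not (0 < r < Q and 0 < s < Q):
        return False
    w = pow(s, -1, Q)
    u1, u2 = digest(msg) * w % Q, r * w % Q
    return pow(G, u1, P) * pow(y, u2, P) % P % Q == r

def key_from_known_nonce(msg, sig, k):
    # s = k^-1 (H(m) + x r)  =>  x = (s k - H(m)) r^-1  (mod q)
    r, s = sig
    return (s * k - digest(msg)) * pow(r, -1, Q) % Q

def nonce_from_reuse(m1, sig1, m2, sig2):
    # Same k gives the same r, and s1 - s2 = k^-1 (H(m1) - H(m2))  (mod q)
    (r1, s1), (r2, s2) = sig1, sig2
    if r1 != r2:
        raise ValueError("different r: the nonces differ")
    return (digest(m1) - digest(m2)) * pow((s1 - s2) % Q, -1, Q) % Q

if __name__ == "__main__":
    x, k = 123456789, 987654321           # constructed key and nonce
    a, b = sign(x, b"login 1", k), sign(x, b"login 2", k)
    print("known nonce  ->", key_from_known_nonce(b"login 1", a, k) == x)
    k2 = nonce_from_reuse(b"login 1", a, b"login 2", b)
    print("reused nonce ->", key_from_known_nonce(b"login 2", b, k2) == x)
```

Two signatures from the same key that share the same r value are the visible sign of a reused nonce.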