[linux-neuchatel] clé gpg el-Gamal compromisent

Marc SCHAEFER schaefer at alphanet.ch
Thu Nov 27 19:24:36 CET 2003

On Thu, Nov 27, 2003 at 06:15:18PM +0100, Martial Paupe wrote:
> Les clés el-Gamal sont compromisent !

Pas tout à fait.

Les clés E-Gamal utilisées pour la *signature* sont vulnérables
d'après le lien que tu as donné.

Bien souvent on utilise une clé DSA pour la signature. 

   Note that the standard keys as generated by GnuPG (DSA and ElGamal
   encryption) as well as RSA keys are NOT vulnerable.  Note also that
   ElGamal signing keys cannot be generated without the use of a special
   flag to enable hidden options and even then overriding a warning
   message about this key type.  See below for details on how to identify
   vulnerable keys.

   schaefer at defian:~% gpg --list-keys 7F76BFC9
   pub  1024D/7F76BFC9 2000-08-05 Marc SCHAEFER (gpg) <schaefer at alphanet.ch>
   sub  1024g/B0E56315 2000-08-05


  une clé DSA pour la signature, une clé pour le chiffrement (El-Gamal).

> http://marc.theaimsgroup.com/?l=gnupg-announce&m=106992378510843&w=2

   I can't tell for sure.  According to the keyserver statistics, there
   are 848 primary ElGamal signing keys which are affected.  These are a
   mere 0.04 percent of all primary keys on the keyservers.  There are
   324 vulnerable subkeys on the keyservers, too.  

Apparemment un problème sérieux, mais très marginal dans son impact.

More information about the linux-neuchatel mailing list