[4909] in cryptography@c2.net mail archive


Re: hushmail security

daemon@ATHENA.MIT.EDU (Wei Dai)
Fri Jun 18 14:36:35 1999

Date: Fri, 18 Jun 1999 10:51:52 -0700
From: Wei Dai <weidai@eskimo.com>
To: anon3054@hushmail.com
Cc: cryptography@c2.net
In-Reply-To: <199906180357.UAA07431@mail1.hushmail.com>; from anon3054@hushmail.com on Fri, Jun 18, 1999 at 02:57:19PM +0000

On Fri, Jun 18, 1999 at 02:57:19PM +0000, anon3054@hushmail.com wrote:
> Of course we can dream of having it use X.509 certs and PGP keys and
> every other PKI that comes along, but that is clearly a long way down
> the road.  Some simple way to verify keys out of band and mark them
> that way would be a good starting point.  Can you do signatures with
> ElGamal keys?  Weren't there some problems with ElGamal sigs found
> last year?

There is a paper in EUROCRYPT '96 about forging ElGamal signatures (see
http://www.bell-labs.com/user/bleichen/bib.html). And in general it's a bad
idea to use the same key pair for encryption and for signatures even if the
signature scheme has no problems.

For this problem of marking personally trusted keys, it's not necessary to
use a signature scheme. A message authentication code (MAC) would be
sufficient.
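One way to realize the MAC-based marking suggested above, as an added example that is not part of the original message or of Hushmail's code: the client keeps a local secret and tags each (owner, key fingerprint) pair with an HMAC, and the same client later verifies the tag before treating the key as personally trusted. The secret, owner names, key bytes and the exact message layout are assumptions made for this illustration.

```python
import hmac
import hashlib
import os

# Hypothetical local trust-marking scheme (added illustration, not Hushmail's design).
# The marking secret never leaves the user's own client, and only that client ever
# checks the marks, so a MAC is enough: nobody else needs to verify them, which is
# the property a signature would add.

def new_marking_secret() -> bytes:
    # Constructed example: a per-user secret kept with the user's other local secrets.
    return os.urandom(32)

def key_fingerprint(public_key: bytes) -> bytes:
    # Bind the mark to the exact key material, not to a display name.
    return hashlib.sha256(public_key).digest()

def mark_trusted(secret: bytes, owner: str, public_key: bytes) -> bytes:
    # The tag covers the owner identity and the fingerprint, with a length prefix
    # so an (owner, key) pair cannot be re-split into a different pair.
    owner_bytes = owner.encode("utf-8")
    msg = len(owner_bytes).to_bytes(2, "big") + owner_bytes + key_fingerprint(public_key)
    return hmac.new(secret, msg, hashlib.sha256).digest()

def is_trusted(secret: bytes, owner: str, public_key: bytes, tag: bytes) -> bool:
    # Constant-time comparison, so a mismatching tag reveals nothing about the secret.
    expected = mark_trusted(secret, owner, public_key)
    return hmac.compare_digest(expected, tag)

def demo() -> dict:
    # Constructed sample keys; the mark is created once and checked under four conditions.
    secret = new_marking_secret()
    alice_key = b"-----CONSTRUCTED SAMPLE PUBLIC KEY FOR alice-----"
    mallory_key = b"-----CONSTRUCTED SAMPLE PUBLIC KEY FOR mallory-----"
    tag = mark_trusted(secret, "alice@example.org", alice_key)
    return {
        "genuine": is_trusted(secret, "alice@example.org", alice_key, tag),
        "substituted_key": is_trusted(secret, "alice@example.org", mallory_key, tag),
        "moved_to_other_owner": is_trusted(secret, "bob@example.org", alice_key, tag),
        "other_secret": is_trusted(new_marking_secret(), "alice@example.org", alice_key, tag),
    }

if __name__ == "__main__":
    for condition, ok in demo().items():
        print(f"{condition}: {'trusted' if ok else 'rejected'}")
```

Only the genuine (owner, key) pair under the original secret is accepted; a substituted key, a mark moved to another owner, or a tag made under a different secret is rejected.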
