[E-Lang] Crypto analytic attack on DSA

Mark S. Miller markm@caplet.com
Thu, 08 Feb 2001 07:46:19 -0800

At 08:24 PM Wednesday 2/7/01, Bill Frantz wrote:
>Daniel Bleichenbacher of Bell Labs has found an attack on DSA when
>implemented as recommended by FIPS 186.  It appears from examination of the
>source code for Sun/Java 1.2, that their implementation suffers from this
>We have several possible methods of dealing with this problem:
>* Wait for Sun to fix the problem.
>* Use another DSA implementation.
>* Convert vat authentication to RSA.
>Converting vat authentication to RSA will increase the time it takes to
>generate the key pair, while cutting the time required for signing and

Unless the increase in key generation time is crushing, that's a great 
tradeoff, even if DSA weren't compromised.  I vote to convert to RSA.  Would 
that happen naturally with the incorporation of TLS?  If so, could we bundle 
this change into that one?
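The weakness behind the Bleichenbacher result mentioned above is in how FIPS 186 told implementers to derive the per-signature nonce k: reduce a random value of the same width as q modulo q, which makes the smallest residues slightly more likely than the rest, and a nonce with any predictable bias leaks information about the private key over a large number of signatures. The script below is an added illustration, not code from this thread or from Sun's JDK; it scales the problem down to a toy prime q = 251 and 8-bit raw values (standing in for the 160-bit q and 160-bit random value of FIPS 186) so the bias can be counted exactly, and shows the two standard mitigations: drawing extra bits before reducing, and rejection sampling. The values Q, WIDTH and EXTRA and all function names are constructed for the example.

```python
"""Constructed demonstration of the modulo bias in DSA nonce generation.

Not code from the E-Lang thread or from any DSA implementation. The toy
prime Q = 251 and the 8-bit raw width stand in for the 160-bit q and
160-bit random value recommended by FIPS 186; every raw value can then
be enumerated and the bias measured exactly.
"""
from collections import Counter
import secrets

Q = 251          # toy prime modulus (stands in for the 160-bit DSA q)
WIDTH = 8        # bit width of the raw random value (scaled down from 160)
EXTRA = 8        # extra bits drawn before reduction (later FIPS editions use 64)


def nonce_mod_reduce(raw: int, q: int = Q) -> int:
    """Original FIPS 186 style: random value of q's width, reduced mod q."""
    return raw % q


def nonce_rejection(draw, q: int = Q) -> int:
    """Mitigation B: redraw until the value lies in [1, q-1].

    No reduction takes place, so every admissible k is equally likely.
    `draw` is any zero-argument callable returning an integer.
    """
    while True:
        k = draw()
        if 1 <= k < q:
            return k


def distribution(width: int, q: int = Q) -> Counter:
    """Exact histogram of k over every raw value of `width` bits.

    width == WIDTH reproduces the biased scheme; width == WIDTH + EXTRA
    is mitigation A (draw extra bits, then reduce).
    """
    return Counter(nonce_mod_reduce(raw, q) for raw in range(1 << width))


def bias_ratio(hist: Counter) -> float:
    """max/min frequency over all residues; 1.0 means perfectly uniform."""
    return max(hist.values()) / min(hist.values())


def overrepresented(width: int, q: int = Q) -> list:
    """Residues that occur more often than the least frequent one.

    These are always the *smallest* residues, i.e. the bias shows up in
    the high-order bits of k, which is the statistical handle the
    Bleichenbacher attack exploited.
    """
    hist = distribution(width, q)
    floor = min(hist.values())
    return sorted(r for r, c in hist.items() if c > floor)


def main() -> None:
    biased = distribution(WIDTH)
    print(f"{WIDTH}-bit raw value mod {Q}: bias ratio {bias_ratio(biased):.4f}, "
          f"over-represented residues {overrepresented(WIDTH)}")
    wider = distribution(WIDTH + EXTRA)
    print(f"{WIDTH + EXTRA}-bit raw value mod {Q}: bias ratio {bias_ratio(wider):.4f}")
    # Mitigation B with a real CSPRNG source; WIDTH bits is enough because
    # out-of-range draws are simply discarded rather than reduced.
    k = nonce_rejection(lambda: secrets.randbits(WIDTH))
    print(f"rejection-sampled nonce in [1, {Q - 1}]: {k}")


if __name__ == "__main__":
    main()
```

With the toy parameters the reduced scheme produces residues 0 through 4 twice as often as any other value (256 raw values over 251 residues); drawing 8 extra bits shrinks the ratio to 262/261, and in the real 160+64-bit setting the residual bias is on the order of 2^-64, which is why later FIPS 186 revisions specify exactly that. Rejection sampling removes the bias entirely at the cost of an occasional redraw.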