Unfortunately, normal person has no chance to understand that "explanation".įew Google searches later I found 2 writeups from Boston Key Party CTF 2015 which were slightly better: The problem of reusing k and the attack itself is explained in Stinson's "Cryptography Theory And Practice", pages 290-291. In particular, if two messages are sent using the same value of k and the same key, then an attacker can compute x directly. Otherwise, an attacker may be able to deduce the secret key x with reduced difficulty, perhaps enough to allow a practical attack. The signer must be careful to choose a different k uniformly at random for each signature and to be certain that k, or even partial information about k, is not leaked. Quick look in Wikipedia confirms that it's a really bad idea: In this crackme, it's SHA1 of the username I'm sure you already remember the algorithm from my previous blog post.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |