Re: [Cfrg] Exposing the private key by signing "too many times"

Aaron Zauner <azet@azet.org> Thu, 14 April 2016 13:20 UTC

From: Aaron Zauner <azet@azet.org>
In-Reply-To: <C33F3EC3-AF92-4BC0-8191-32839135BBBB@vpnc.org>
Date: Thu, 14 Apr 2016 20:20:24 +0700
Message-Id: <F64A2BAD-D355-4EF1-A425-6B8A1D411145@azet.org>
References: <C33F3EC3-AF92-4BC0-8191-32839135BBBB@vpnc.org>
To: Paul Hoffman <paul.hoffman@vpnc.org>
Archived-At: <http://mailarchive.ietf.org/arch/msg/cfrg/1UFI57weUh-0um_A82NrkkrV-R8>
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Exposing the private key by signing "too many times"
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

> On 13 Apr 2016, at 08:31, Paul Hoffman <paul.hoffman@vpnc.org> wrote:
> 
> Greetings again. I regularly hear from non-cryptographers that they once heard that you have to be careful not to sign "too many times" with the same public/private pair because doing so will expose the private key. I'm interested in the history of this belief. Are there any papers about the history of signature algorithms where this might have been true, or papers on the history of this belief?

Could this be confusion with small DH subgroups and the `SSL_OP_SINGLE_DH_USE` option in OpenSSL? See CVE-2016-0701 for more details on the matter: https://www.openssl.org/news/secadv/20160128.txt

Aaron
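The following is an added illustration, not code from this thread or from OpenSSL: a toy model of the small-subgroup confinement attack behind CVE-2016-0701, showing how a DH private exponent reused across handshakes (OpenSSL with SSL_OP_SINGLE_DH_USE unset) leaks one small residue per handshake until CRT plus a short brute force recovers it, and how drawing a fresh exponent per handshake defeats the same sequence of handshakes. The prime, the exponent, the nine small factors and the hash-over-secret stand-in for the TLS Finished MAC are all constructed for the demo.

```python
"""Small-subgroup confinement against a reused DH exponent (toy model).

Constructed illustration, not code from the CFRG thread or from OpenSSL.
Models the failure behind CVE-2016-0701: a server keeps one DH private
exponent x across handshakes (OpenSSL without SSL_OP_SINGLE_DH_USE), uses a
prime p whose p-1 has small factors, and does not check the peer's public
value. Each handshake then leaks x mod q for one small prime q; a handful
of handshakes plus CRT recover x. Requires Python 3.8+ (math.prod, pow(m, -1, q)).
"""
import hashlib
import math
import random

SMALL_FACTORS = [2, 3, 5, 7, 11, 13, 17, 19, 23]  # constructed so p-1 is smooth
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)  # deterministic below 3.3e24

def is_prime(n):
    """Miller-Rabin; deterministic for n < 3.3e24 with MR_BASES."""
    if n < 2:
        return False
    for a in MR_BASES:
        if n % a == 0:
            return n == a
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in MR_BASES:
        y = pow(a, d, n)
        if y in (1, n - 1):
            continue
        for _ in range(s - 1):
            y = y * y % n
            if y == n - 1:
                break
        else:
            return False
    return True

def make_weak_prime(factors):
    """Smallest prime p = c*M + 1 with M = product(factors); returns (p, c)."""
    M, c = math.prod(factors), 1
    while not is_prime(c * M + 1):
        c += 1
    return c * M + 1, c

def prime_factors(n):
    """Distinct prime factors by trial division (n is around 1e9 here)."""
    out, d = [], 2
    while d * d <= n:
        if n % d == 0:
            out.append(d)
            while n % d == 0:
                n //= d
        d += 1
    return out + ([n] if n > 1 else [])

def find_generator(p):
    """Smallest g of full order p-1, so g^x mod p determines x uniquely."""
    qs = prime_factors(p - 1)
    return next(g for g in range(2, p) if all(pow(g, (p - 1) // q, p) != 1 for q in qs))

def mac(p, secret):
    """Stand-in for the TLS Finished check: a hash over the shared secret.
    The server never sends the secret itself, but a MAC derived from it is
    exactly the oracle the attacker needs to confirm a guess."""
    return hashlib.sha256(secret.to_bytes((p.bit_length() + 7) // 8, "big")).digest()

class DHServer:
    """single_use=False reuses one exponent forever (the vulnerable setting);
    single_use=True draws a fresh exponent per handshake (SSL_OP_SINGLE_DH_USE)."""
    def __init__(self, p, g, rng, single_use):
        self.p, self.g, self.rng, self.single_use = p, g, rng, single_use
        self._rotate()

    def _rotate(self):
        self.x = self.rng.randrange(2, self.p - 1)
        self.public = pow(self.g, self.x, self.p)

    def handshake(self, client_public):
        """No subgroup check on client_public: any element of Z_p^* is accepted."""
        if self.single_use:
            self._rotate()
        secret = pow(client_public, self.x, self.p)
        return self.public, mac(self.p, secret)

def element_of_order(p, q, rng):
    """Random h with h^q = 1 mod p and h != 1 (q must divide p-1)."""
    while True:
        h = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
        if h != 1:
            return h

def crt(residues, moduli):
    """x = residues[i] mod moduli[i] for pairwise coprime moduli; returns (x, prod)."""
    x, m = 0, 1
    for r, q in zip(residues, moduli):
        x += m * (((r - x) * pow(m, -1, q)) % q)
        m *= q
    return x, m

def recover_exponent(server, small_factors, rng):
    """One handshake per small prime q: send h of order q, learn x mod q from
    the MAC, combine by CRT, then brute-force the remaining (p-1)/M candidates
    against the server's public value. Returns x, or None if nothing fits."""
    p, g = server.p, server.g
    target, residues = None, []
    for q in small_factors:
        h = element_of_order(p, q, rng)
        pub, tag = server.handshake(h)
        target = pub if target is None else target
        residues.append(next(r for r in range(q) if mac(p, pow(h, r, p)) == tag))
    x0, M = crt(residues, small_factors)
    for k in range((p - 1) // M):
        if pow(g, x0 + k * M, p) == target:
            return x0 + k * M
    return None

def demo(seed=2016):
    """Attack a reusing server and a rotating server with the same handshakes."""
    rng = random.Random(seed)
    p, _ = make_weak_prime(SMALL_FACTORS)
    g = find_generator(p)
    reused = DHServer(p, g, rng, single_use=False)
    rotating = DHServer(p, g, rng, single_use=True)
    return {"x": reused.x,
            "leaked": recover_exponent(reused, SMALL_FACTORS, rng),
            "safe": recover_exponent(rotating, SMALL_FACTORS, rng),
            "handshakes": len(SMALL_FACTORS)}

if __name__ == "__main__":
    print(demo())
```

Running demo() shows the reusing server's exponent recovered exactly after nine handshakes, while the same nine handshakes against the rotating server yield residues of nine unrelated exponents and the final check finds nothing. Two conditions make the attack work: p-1 must have small factors (with a safe prime p = 2q+1 the only small subgroup has order 2, so a handshake leaks at most one bit) and the server must accept a peer value without checking its order. Rotating the exponent is the mitigation the cited advisory turns on by default; validating the peer's public value against the group is the complementary defence.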