attacked if you mess it up. It's critical to the security of the algorithm that people need to know that they can't reuse a k, even if they keep it secret, that they have to use a good random source to choose their k, and that they have to make sure that k remains secret. There have been two major screw-ups concerning the k-value already (the Debian PRNG flaw & the hacking of the PS3), so I think that more people need to know about this.
start again with a different random $k$. Compute $s := \left(k^{-1}\left(H(m)+xr\right)\right) \bmod q$. In the unlikely case that $s=0$, start again with a different random $k$. The signature is $\left(r,s\right)$
The article used to specify 0<k<q, which was consistent with FIPS 186-4 (see the 'Output' clauses in B.2). Currently the article says 1<k<q, which isn't necessarily a bad idea but isn't consistent with the spec and doesn't tell you what the implementations actually do. I think the article
I would say the view is held not by a minority, but by everyone! We're not talking about some secret conspiracy here; NSA officials such as Bill
Crowell spelled it out in Congressional testimony. The speculative part is whether or not DSA was specifically meant to hamper the commercialization of RSA.
by hashing these values. Such a method has been analyzed in the paper "Computational
Alternatives to Random Number Generators" by M’Raihi, Naccache, Pointcheval, Vaudenay presented at SAC'98. Since RSA also needs to be implemented very carefully, I don't agree with the strong preference above. Also,
Choose an integer $k$ randomly from $\{1 \ldots q-1\}$. Compute $r := \left(g^{k} \bmod p\right) \bmod q$. In the unlikely case that $r=0$,
In short, DSA has a perception issue; whether one accepts this as a fact is a different story. I guess we will have to wait until more people support the hypothesis before that paragraph can move into the front article. Remember people used to believe the world is flat until reality dawned on them one
across borders in a way which did not allow encryption. Those signatures required high security asymmetric key encryption algorithms, but the DSA (the algorithm at the heart of the DSS) was intended to allow one use of those algorithms, but not the other. It didn't work. DSA was discovered, shortly
Interesting stuff, I will have to admit that paragraph will likely never stay on the front page for long. Too many people will think you are making it up unfortunately. In fact, the first time I heard of it was on a crypto-related thread on lkml (Linux kernel mailing list). Even there, the suggestion
Then, a month ago, I was in TLUG (Toronto Linux user group) and there was a discussion of ssh. The one thing everybody seemed to agree on is using DSA is a bad idea. RSA should be used whenever possible. Some books like UNIX System
Administration Handbook (3rd Edition) (Paperback) by Evi Nemeth,
You are correct, the k-value is a more complicated beast that we don't have a proper term for. I expanded the notes about the k-value to include all the security requirements (secrecy, uniqueness & unpredictability) that I know of and gave a reference that shows the math for how DSA can be
key! This would allow an attacker to pretend to be you for any number of future sessions. PuTTY's implementation has taken very careful precautions to avoid this weakness, but we cannot be 100% certain we have managed it, and if you have the choice we strongly recommend using RSA keys
The statement assumes that the recipient of the signature knows, by means external to the signature itself, which message it is supposed to sign. He can therefore compute H(M) himself. If he tries to do the calculation with the hash of a different message, he will simply find that it
I think there is less agreement here, but it is still a pretty widely held opinion. And of course, the reasons that it failed (if that was the plan) are much more complex than the observation that it is possible to bludgeon DSA into doing encryption (very slowly).
Deploying a PRNG such that it cannot be fooled or predicted is surprisingly tricky; one has to either trust an OS-provided source of randomness, or do complex and easy-to-get-wrong platform-dependent stuff in order to gather entropy from the environment oneself.
Indeed, the WHOLE POINT of a signature is the recipient calculates H(M) from the message and therefore in verifying the signature verifies not only that the signature is internally consistent but that the received message is the same one the sender signed.
There are some comments in the file sshdss.c of Putty's implementation, which amount to what you just mentioned. Apparently Putty's implementors don't trust their own pseudorandom number generator, hence they use a method that derives
hey guys.... i just wanted to know the data type in java that can support the global variables in DSS...the length of 'p' cud vary from 512 bits to 1024 bits....i m confused as to how shall i proceed with the project....
DSA article almost entirely contains the
Elliptic Curve DSA article. Also the Elliptic Curve DSA article describes Elliptic Curve DSA as a variant of DSA whereas it is the only algorithm described in the DSA article.
as part of the
Federal Government's attempt to control high security cryptography. Part of that policy included prohibition (with severe criminal penalties) of the export of high quality encryption algorithms. The
Choosing a value of p much larger than q is complete nonsense, because the security does not depend on the size of p only on the size of q. It means calculation becomes more difficult without raising the security.
There have been allegations that the government likes the DSA because it is only a digital signature algorithm and can’t be used for encryption. It is, however, possible to use the DSA function call to do ElGamal
That is, first it says that 'k' is chosen randomly and 'r' and 's' are computed. Then it talks about the calculation of 'k' and 'r'. 'k' cannot both be calculated and chosen randomly.
amounts to creating a new per-message key. ". That's incorrect: s is not part of a key. Hence the revert. If you object to the sentence then you need to do more than change k to s.
after its release, to be capable of encryption (prohibited high quality encryption, at that) but to be so slow when used for encryption as to be even more than usually impractical.
Garth Snyder, Scott
Seebass, Trent R. Hein don't advise its use, but others like Professional Red Hat Enterprise Linux 3 (Wrox Professional Guides) (Paperback) advise on its use.
I would at least point to the fact that DSA can be used for encryption (RSA and
Elgamal) by choosing special inputs to the sign function (As described by Schneier). --
I'm not qualified to do this but would it be possible to have a section to describe the security of DSA? I think it rests on the fact that an attacker cannot derive
In reality k isn't just plucked out of the air; there will normally be some computation involved - running an RBG and (in the B.2.1 strategy) a modular reduction.
I had to go to the spec to figure that out. Does it make sense to add a small bit of verbiage to that effect, or is that something that should be obvious?
It is true, (p-1) must have a large prime factor which is smaller or equal to q= (p-1)/2. But why not choosing a safe prime with q=(p-1)/2 is a prime number?
recommend you use RSA. DSA has an intrinsic weakness which makes it very easy to create a signature which contains enough information to give away the
is ever used to sign two different messages, an attacker can (1) immediately see that this is the case because the two signatures will have the same
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
so frequently that they forget to include pointers to the relevant pages. I've added links to some articles that should be helpful.
https://web.archive.org/web/20140606050814/http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
The article's description is consistent with what a "DSA signature" is considered to consist of in, for example, RFC 3279. –
Can anyone elaborate on what this weakness is, and (although off topic) why is RSA any worse/better than DSA for TLS? --
It is stated that the signature is (r, s), but shouldn't this be (r, s, H(M)) as the verifier must calculate Hw mod q?
be cryptographically random, be kept secret, and never reused. If an attacker (who knows the public key) can guess the
Is this viewpoint not held by anyone, even a minority? (If so, it should be reinserted into the article in some form).
libsodium is listed as an implementation of DSA, however I cannot find any indication that it is. libsodium uses the
to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
An RSA signer does not have this problem, because no random value is needed for its basic signing primitive. –
The calculation of $k$ and $r$ amounts to creating a new per-message key. "
I don't know squat about math, but when trying to implement DSA signing using the sequence of steps here
If you have discovered URLs which were erroneously considered dead by the bot, you can report them with
there are quite a few people that prefer the randomized RSA signatures over the deterministic variants.
If you have any questions, or need the bot to ignore the links, or the page altogether, please visit
NIST claims that they reviewed
Schnorr's patent and concluded that DSA is not infringing the patent in
of his choosing, it is a matter of simple arithmetic for him to recover the full private key, as
before doing mass systematic removals. This message is updated dynamically through the template
https://web.archive.org/web/20131226115544/http://csrc.nist.gov/publications/fips/fips1861.pdf
https://web.archive.org/web/20130109092551/http://www.certicom.com/index.php/dr-david-kravitz
This means that the security of a DSA signing routine is at the mercy of the security of the
from a signature or public key because of the hardness of Discrete Logarithm Problem (DLP).
before. So, p must have at least 1000 bits, that's true, but still it is possible to use a
http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf
"External links modified" talk page sections are no longer generated or monitored by
If you found an error with any archives or the URLs themselves, you can fix them with
predictable. This might allow lattice based attacks that can recover the secret key
it should be time-variant (including a suitably granular timestamp in its value) ...
(Digital Signature Standard) was intended to provide a way to use high security
http://www.privacy.nb.ca/cryptography/archives/coderpunks/new/1998-08/0009.html
http://www.privacy.nb.ca/cryptography/archives/coderpunks/new/1998-08/0006.html
No special action is required regarding these talk page notices, other than
The current text says: " A message $m$ is signed as follows:
by dividing the difference of the message hashes by the difference of the
might mislead some readers. Especially the description of a nonce says
It sounds like they refer to the fact that the per-message value
Anyone has another source? Could not find a working archive.. --
When you have finished reviewing my changes, please set the
The two links disputing the Schnorr patent claim are 404's:
for additional information. I made the following changes:
http://csrc.nist.gov/groups/SMA/ispab/documents/94-rpt.txt
As an interesting aside, that's what happened because of
I cannot see any, it is just more complicated, I think.
message, possibly by tricking the signer into using a
http://csrc.nist.gov/publications/nistbul/csl94-11.txt
using the archive tool instructions below. Editors
http://csrc.nist.gov/publications/fips/fips1861.pdf
But it certainly isn't (multiplicative group of
http://www.certicom.com/index.php/dr-david-kravitz
on a buggy system should be considered compromised
signature scheme, which is more comparable to an
should reflect the spec. Anyone agree/disagree?
Describe Schnorr's claims of patent infringement
You have a good point here. Cryptographers use
This message was posted before February 2018.
values, (3) recover the private key as before.
A little bit more info for signing description
http://sdp.opendawn.com/index.php/DSA2_support
is then the only unknown in the equation for
DSA standard revised. Article needs updating.
though also often considered a variant of
day. Here is to hoping it will happen again
You reverted it to say "The calculation of
I have just modified one external link on
Describe initial criticism of the standard
I have just modified 4 external links on
Hmm, this looks like wide spread opinion
Schneier, Applied Cryptography, 2nd ed:
deterministically from the private key
PuTTYgen's docs on selecting a key type
to let others know (documentation at
Statement that the signature=(r, s)
(2) find the value of the reused
Digital_Signature_Algorithm#Signing
Recently removed from the article:
Please take a moment to review
was finding a lot of resistance.
= the multiplicative inverse of
it was not obvious to me that
Corrected formatting/usage for
Advantage compared to Elgamal
Hmmmmm - I didn't read this
Implementations: libsodium?
Digital Signature Algorithm
(last update: 5 June 2024)
Hello fellow Wikipedians,
Discrete_logarithm_records
Including a timestamp into
Agreed. I've removed it.
DSA vs Elliptic Curve DSA
weak, any DSA key merely
Similarly, if the same
must not be predictable.
would make some bits of
External links modified
It was designed at the
Schnorr patent dispute
$Z_{p}$
Since the PRNG was
The PuTTY developers
Calling the variable
regular verification
it uses to generate
k is not calculated
After February 2018
parameter below to
Schnorr signatures
modular arithmetic
digital signatures
DSA and encryption
Updated 2005-03-28
or even parts of
and the message
have permission
this simple FaQ
elliptic curve
Added archive
is not a nonce
CVE-2008-0166
used to sign
Upon reading
DSA weakness?
data type....
or just use
DSA Security
this revert
version of
q = (p-1)/2
Range of k
safe prime
any single
See here:
this tool
I find
my edit