We explain how to forge public parameters for the Digital Signature Standard with two known messages which always produce the same set of valid signatures (what we call a collision). This attack is thwarted by using the generation algorithm suggested in the specifications of the standard, so it proves one always need to check proper generation. We also present a similar attack when using this generation algorithm within a complexity 2⁷⁴, which is better than the birthday attack which seeks for collisions on the underlying hash function