ietf-openpgp
[Top] [All Lists]

Re: Czech attack to PGP

2001-03-22 12:03:02
hal(_at_)finney(_dot_)org writes:

The commercial version of PGP, and possibly others, does extra checks on
RSA private keys which prevent the RSA attack from working.  Specifically,
whenever it decrypts RSA private key data, it does the following checks:

   n = p*q

I missed the attacks on the supposedly protected part of the secret
key packet, and n = p*q is the only check performed by GnuPG, so GnuPG
*is* vulnerable against these attacks, despite my claim that is not.

I'm sorry about that.

-- 
Florian Weimer                    
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

<Prev in Thread] Current Thread [Next in Thread>