hal(_at_)finney(_dot_)org writes:
> The commercial version of PGP, and possibly others, does extra checks on
> RSA private keys which prevent the RSA attack from working. Specifically,
> whenever it decrypts RSA private key data, it does the following checks:
> n = p*q

I missed the attacks on the supposedly protected part of the secret
key packet, and n = p*q is the only check performed by GnuPG, so GnuPG
*is* vulnerable against these attacks, despite my claim that it is not.
I'm sorry about that.
--
Florian Weimer
Florian(_dot_)Weimer(_at_)RUS(_dot_)Uni-Stuttgart(_dot_)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898