Re: Czech attack to PGP

ietf-openpgp

Re: Czech attack to PGP

2001-03-22 12:32:14

* Florian Weimer wrote:

hal(_at_)finney(_dot_)org writes:

whenever it decrypts RSA private key data, it does the following checks:
   n = p*q


Nope. I'd rejected this to do the more general check recommented in the
smarcard papers: Check the whole cryptosystem (at least the RSA part).
My n=p*q check was driven by a complete other reason: n is used to determine
the blocksize of the result.

I'm sorry about that.


Yep. I told you it is a bad idea to check only the parts known to be
attackable. Assume an error in mpilib ...

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Re: Czech attack to PGP, hal Re: Czech attack to PGP, Florian Weimer Re: Czech attack to PGP, Lutz Donnerhacke <= Re: Czech attack to PGP, hal Re: Czech attack to PGP, Florian Weimer Re: Czech attack to PGP, Lutz Donnerhacke Re: Czech attack to PGP - keep the kimono closed, John W Noerenberg II Re: Czech attack to PGP, Werner Koch Re: Czech attack to PGP, alphabeta Re: Czech attack to PGP, Lutz Donnerhacke Re: Czech attack to PGP, Florian Weimer Re: Czech attack to PGP, hal Fix the secret key packet, not the S2K, Michael Young

Previous by Date:	Re: Czech attack to PGP, Florian Weimer
Next by Date:	Re: Czech attack to PGP, Florian Weimer
Previous by Thread:	Re: Czech attack to PGP, Florian Weimer
Next by Thread:	Re: Czech attack to PGP, hal
Indexes:	[Date] [Thread] [Top] [All Lists]