* Florian Weimer wrote:
hal(_at_)finney(_dot_)org writes:
whenever it decrypts RSA private key data, it does the following checks:
n = p*q
Nope. I'd rejected this to do the more general check recommended in the
smartcard papers: Check the whole cryptosystem (at least the RSA part).
My n=p*q check was driven by a completely different reason: n is used to determine
the blocksize of the result.
I'm sorry about that.
Yep. I told you it is a bad idea to check only the parts known to be
attackable. Assume an error in mpilib ...
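
An added illustration, not part of the original messages or of any project's code: a Python sketch contrasting the n = p*q check alone with a round-trip check of the whole RSA operation after the private key has been loaded. The key layout, function names and the toy key built from two small Mersenne primes are assumptions made for the example.

```python
from math import gcd

def make_key(p, q, e=65537):
    """Build a toy RSA private key record with CRT fields (hypothetical layout)."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e is not invertible modulo phi(n)")
    d = pow(e, -1, phi)
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "u": pow(q, -1, p)}

def check_modulus_only(k):
    """Partial check: confirms only that n matches the stored primes."""
    return k["n"] == k["p"] * k["q"]

def crt_private_op(k, m):
    """Private-key operation computed from the CRT fields exactly as stored."""
    m1 = pow(m, k["dp"], k["p"])
    m2 = pow(m, k["dq"], k["q"])
    h = (k["u"] * (m1 - m2)) % k["p"]
    return m2 + h * k["q"]

def check_whole_cryptosystem(k, probe=0x1234567):
    """Round trip: the private op undone by the public op must return the probe,
    for both the CRT path and the plain exponent d."""
    m = probe % k["n"]
    crt_ok = pow(crt_private_op(k, m), k["e"], k["n"]) == m
    d_ok = pow(pow(m, k["e"], k["n"]), k["d"], k["n"]) == m
    return crt_ok and d_ok

def flip_low_bit(k, field):
    """Return a copy of the key with one stored field altered (constructed fault)."""
    bad = dict(k)
    bad[field] ^= 1
    return bad

# Constructed toy key: 2**31 - 1 and 2**61 - 1 are prime; far too small for real use.
GOOD_KEY = make_key(2**31 - 1, 2**61 - 1)

if __name__ == "__main__":
    for field in ("d", "dp", "dq"):
        bad = flip_low_bit(GOOD_KEY, field)
        print(field, "modulus-only:", check_modulus_only(bad),
              "whole-system:", check_whole_cryptosystem(bad))
```

A key with an altered d, dp or dq still satisfies n = p*q, so only the round-trip check rejects it.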