Problems with private keyring?
Florian Weimer
fw at deneb.enyo.de
Fri Mar 23 00:28:58 CET 2001
Florian Weimer <fw at deneb.enyo.de> writes:
> http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff
> http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff.asc
The newest version of these patches should actually work.
As an added bonus, it protects against signature computation errors
(due to overclocking or bugs in the MPI implementation), which
was first proposed in this context by Lutz Donnerhacke. GnuPG
calculates the signature in Z/pZ x Z/qZ instead of Z/nZ (which would
be slower). If the computation in one component of the direct sum
fails, the difference to the correct result is likely a multiple of
p or q. (AFAIK, this is called a 'Bellcore attack' in German hacker
circles.)
More information about the Gnupg-devel
mailing list