Snapshot 1.0.4f & Klima/Rosa tests

Werner Koch wk@gnupg.org
Wed Mar 28 12:01:02 2001


On Tue, 27 Mar 2001, Steve Beach wrote:


> I'm a little bit paranoid about the Klima/Rosa attack. Examining the
> source code, it doesn't appear that there has been any change in the
> verification of the secret keys in cipher/dsa.c or cipher/rsa.c.

There is no change there but a catch-all check in g10/sign.c - at the
central place where all signatures are created, the created signature
is immediately verified by using the public key in a way which is
identical to the normal signature verification.

Given that the described attack relies on a false signature, there is
no chance that such a false signature will be created.

Ciao,

  Werner

-- 
Werner Koch
g10 Code
Privacy Solutions

Omnis enim res, quae dando non deficit, dum habetur
et non datur, nondum habetur, quomodo habenda est.
        -- Augustinus
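
The sign-then-verify check described in the reply above, sketched as an added example; it is not GnuPG's g10/sign.c code and not part of the original message. It assumes a toy RSA-CRT signer with small known primes and no padding, and a corrupted CRT exponent stands in for whatever damage makes the signature false; all function and field names are hypothetical.

```python
# Constructed toy: RSA-CRT with small known primes, no padding or hashing.
class SignatureCheckError(Exception):
    """A freshly created signature failed verification and is withheld."""

def make_key(p=2**31 - 1, q=2**61 - 1, e=65537):
    # Both defaults are Mersenne primes; far too small for real use.
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "u": pow(q, -1, p)}

def sign_crt(key, m):
    """Raw CRT signing; trusts whatever private values the key holds."""
    sp = pow(m, key["dp"], key["p"])
    sq = pow(m, key["dq"], key["q"])
    h = (key["u"] * (sp - sq)) % key["p"]   # Garner recombination
    return sq + h * key["q"]

def verify(n, e, s, m):
    """Ordinary verification, using only the public values n and e."""
    return pow(s, e, n) == m % n

def sign_checked(key, m):
    """Central signing path: verify the result before it leaves."""
    s = sign_crt(key, m)
    if not verify(key["n"], key["e"], s, m):
        raise SignatureCheckError("signature failed self-verification")
    return s

def demo():
    key = make_key()
    m = 19088743   # constructed message representative, 1 < m < p
    good = sign_checked(key, m)
    # Assumed stand-in for a tampered secret key: one private value is off.
    damaged = dict(key, dp=key["dp"] + 1)
    try:
        sign_checked(damaged, m)
        released = True
    except SignatureCheckError:
        released = False
    return verify(key["n"], key["e"], good, m), released

if __name__ == "__main__":
    print(demo())
```

Because the check sits in the one function every signature passes through, it covers any cause of a bad result without needing separate validation of each private-key field.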