Snapshot 1.0.4f & Klima/Rosa tests
fw at deneb.enyo.de
Wed Mar 28 12:22:04 CEST 2001
Steve Beach <asb4 at psu.edu> writes:
> I'm a little bit paranoid about the Klima/Rosa attack. Examining the
> source code, it doesn't appear that there has been any change in the
> verification of the secret keys in cipher/dsa.c or cipher/rsa.c.
The computed signatures are verified using the public key. This is
pretty much equivalent to the proposed checks on the key material, but
it detects computation errors as well.
Werner planned to add better secret key protection. However, I don't
think it's included in 1.0.4f (?).
More information about the Gnupg-devel