Problems with private keyring?
Florian Weimer
Florian.Weimer@RUS.Uni-Stuttgart.DE
Sat Mar 24 00:05:10 2001
Johan Wevers <johanw@vulcan.xs4all.nl> writes:
> Florian Weimer wrote:
>
> >>http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff
> >>http://cert.uni-stuttgart.de/files/fw/gnupg-klima-rosa.diff.asc
>
> > As an added bonus, it protects against signature computation errors
> > (due to overclocking or bugs in the MPI implementation), which
> > was first proposed in this context by Lutz Donnerhacke.
>
> Will these patches be included in gpg 1.0.5?
No, they won't. My employer is still waiting for an FSF copyright
assignment contract which is compatible with German law.
Werner is working on a different solution which protects the secret
keys in a better way. However, I hope that some additional checks are
introduced as well because they prevent GnuPG from revealing the
secret key due to a computation error (which is perhaps the result of
a single flipped bit).
--
Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898