Hi Niels

Thank you for this instruction. Yes the modulo check is rather easy to check. Definitely easier with your instruction than without.

However I was referring to the side-channel problem that was reported in the CVE and not to the unintended side-effect of the correction. Do you know a way to trigger the problem reported in the CVE? Please let me know.

// Ola

On Tue, Aug 9, 2016 at 2:27 PM, Niels Möller <ni...@lysator.liu.se> wrote:
> Ola Lundqvist <o...@inguza.com> writes:
>
>> I have not tried to reproduce the potential side-channel issue as that one
>> is rather hard to trigger. If anyone knows about a tool for that, please let
>> me know.
>
> One basically has to patch a valid private key and clear the least
> significant bit of p or q.
>
> With lsh, sexp-conv -s hex should convert an unencrypted private key
> into a form suitable for editing in a text editor. After editing,
> convert back to canonical (binary) syntax, again using sexp-conv.
>
> For key files as used with gnutls, Hannu suggested using
> https://github.com/google/der-ascii
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
> Internet email is subject to wholesale government surveillance.

--
 --- Inguza Technology AB --- MSc in Information Technology ----
/  o...@inguza.com                    Folkebogatan 26            \
|  o...@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9   /
 ---------------------------------------------------------------
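An added example, not code from this thread or from nettle, lsh or gnutls: a consistency check that a key loader can run on RSA private key parameters, so that a key edited as described in the quoted reply (least significant bit of p or q cleared) is rejected before it is used. The function name, the messages and the toy key values are assumptions constructed for illustration.

```python
from math import gcd


def check_rsa_private_key(n, e, d, p, q):
    """Return a list of problems found; an empty list means the key is consistent."""
    problems = []
    # Primes of a real RSA key are odd, so an even p, q or n is malformed.
    if p % 2 == 0:
        problems.append("p is even")
    if q % 2 == 0:
        problems.append("q is even")
    if n % 2 == 0:
        problems.append("n is even")
    if p * q != n:
        problems.append("n != p*q")
    # The exponents must be inverses modulo lcm(p-1, q-1).
    if p > 1 and q > 1:
        lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
        if (e * d) % lam != 1:
            problems.append("e*d != 1 mod lcm(p-1, q-1)")
    return problems


def clear_lsb(x):
    """The edit described in the thread: clear the least significant bit."""
    return x & ~1


# Constructed toy key (far too small for real use): p=61, q=53.
GOOD_KEY = {"n": 3233, "e": 17, "d": 413, "p": 61, "q": 53}

# Same key with the low bit of p, respectively q, cleared.
BAD_P_KEY = dict(GOOD_KEY, p=clear_lsb(GOOD_KEY["p"]))
BAD_Q_KEY = dict(GOOD_KEY, q=clear_lsb(GOOD_KEY["q"]))

if __name__ == "__main__":
    for name, key in [("good", GOOD_KEY), ("bad p", BAD_P_KEY), ("bad q", BAD_Q_KEY)]:
        print(name, check_rsa_private_key(**key) or "ok")
```
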