Florian Weimer wrote:
>
> Dr S N Henson <[EMAIL PROTECTED]> writes:
>
> > If the other components are present then a more efficient version of the
> > algorithm can be used (typically twice as fast) using rsa_mod_exp. This
> > is the Chinese remainder theorem (CRT) version.
>
> RSA_eay_mod_exp (I assume that's the actual implementation of
> rsa_mod_exp) doesn't check for computation errors (due to MPI library
> bugs or random bit flipping). It probably should, because there's a
> simple attack which recovers the private key if a miscomputed
> signature is published.
>
Which attack are you referring to?
In any case RSA_eay_mod_exp() is called internally only after additional
processing, such as block formatting, is performed.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
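The check asked for in the quoted text (verifying the CRT result before it leaves the private-key operation), as an added example that is not part of the original message and is not OpenSSL's code. All function names, the toy key built from two Mersenne primes, and the simulated bit flip are assumptions made for illustration.

```python
# Added illustration, not OpenSSL code. All names here are hypothetical.

class FaultDetected(Exception):
    """Raised when the CRT result fails the public-key consistency check."""

def make_key(p, q, e=65537):
    """Build the CRT components from primes p and q (constructed toy key)."""
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "p": p, "q": q,
            "dmp1": d % (p - 1),      # d mod (p-1)
            "dmq1": d % (q - 1),      # d mod (q-1)
            "iqmp": pow(q, -1, p)}    # q^-1 mod p

def crt_mod_exp(m, key, flip_bit=None):
    """m^d mod n via CRT: two half-size exponentiations, then recombination.

    flip_bit simulates a computation error (MPI bug or random bit flip)
    in the mod-p half only.
    """
    s_p = pow(m, key["dmp1"], key["p"])
    s_q = pow(m, key["dmq1"], key["q"])
    if flip_bit is not None:
        s_p ^= 1 << flip_bit          # simulated fault
    # Garner recombination: s = s_q + q * (iqmp * (s_p - s_q) mod p)
    h = (key["iqmp"] * (s_p - s_q)) % key["p"]
    return s_q + key["q"] * h

def checked_mod_exp(m, key, flip_bit=None):
    """Run the CRT operation and release the result only if s^e == m (mod n)."""
    s = crt_mod_exp(m, key, flip_bit)
    if pow(s, key["e"], key["n"]) != m % key["n"]:
        raise FaultDetected("CRT result inconsistent with public key; discarded")
    return s

def fault_is_caught(m, key, flip_bit):
    """Return True if the check refuses to release a miscomputed result."""
    try:
        checked_mod_exp(m, key, flip_bit)
    except FaultDetected:
        return True
    return False

if __name__ == "__main__":
    key = make_key(2**61 - 1, 2**89 - 1)           # constructed, far too small for real use
    m = int.from_bytes(b"constructed msg", "big")  # stands in for the formatted block
    print("clean result verifies:", pow(checked_mod_exp(m, key), key["e"], key["n"]) == m)
    print("faulty result withheld:", fault_is_caught(m, key, flip_bit=7))
```

The check costs one public-exponent exponentiation, which is small next to the two private-exponent halves when e is 65537.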