[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security update of nettle

Hi Niels

Thank you for this instruction. Yes the modulo check is rather easy to
check. Definitely easier with your instruction than without.

However I was referring to the side-channel problem that was reported
in the CVE and not to the unintended side-effect of the correction.

Do you know a way to trigger the problem reported in the CVE, please
let me know.

// Ola

On Tue, Aug 9, 2016 at 2:27 PM, Niels Möller <nisse@lysator.liu.se> wrote:
> Ola Lundqvist <ola@inguza.com> writes:
>> I have not tried to reproduce the potential side-channel issue as that one
>> is rather hard to trigger. If anyone know about a tool for that, please let
>> me know.
> One basically has to patch a valid private key and clear the least
> significant bit of p or q.
> With lsh, sexp-conv -s hex should convert an unencrypted private key
> into a form suitable for editing in a text editor. After editing,
> convert back to canonical (binary) syntax, again using sexp-conv.
> For key files as used with gnutls, Hannu suggested using
> https://github.com/google/der-ascii
> Regards,
> /Niels
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
> Internet email is subject to wholesale government surveillance.

 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola@inguza.com                    Folkebogatan 26            \
|  opal@debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /

Reply to: