Problems with private keyring?

Taral taral at taral.net
Fri Mar 23 00:47:05 CET 2001


On Fri, Mar 23, 2001 at 12:38:53AM +0100, Florian Weimer wrote:
> As an added bonus, it protects against signature computation errors
> (due to overclocking or bugs in the MPI implementation), which
> was first proposed in this context by Lutz Donnerhacke. GnuPG
> calculates the signature in Z/pZ x Z/qZ instead of Z/nZ (which would
> be slower).  If the computation in one component of the direct sum
> fails, the difference to the correct result is likely a multiple of
> p or q. (AFAIK, this is called a 'Bellcore attack' in German hacker
> circles.)

Maybe we should do our calculations in Z/nZ by default, providing an
'--enable-fast-signatures' option for those who aren't (as) concerned...

-- 
Taral <taral at taral.net>
Please use PGP/GPG to send me mail.
"Never ascribe to malice what can as easily be put down to stupidity."
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 248 bytes
Desc: not available
Url : /pipermail/attachments/20010323/eae60def/attachment.bin


More information about the Gnupg-devel mailing list