Snapshot 1.0.4f & Klima/Rosa tests

Werner Koch wk at gnupg.org
Wed Mar 28 13:01:02 CEST 2001


On Tue, 27 Mar 2001, Steve Beach wrote:

> I'm a little bit paranoid about the Klima/Rosa attack.  Examining the
> source code, it doesn't appear that there has been any change in the
> verification of the secret keys in cipher/dsa.c or cipher/rsa.c.

There is no change there but a catch all check in g10/sign.c - at
the central place where all signatures are created, the created
signature is immediately verified by using the piublic key in a way
which is identical to the normal signature verification.  Given that
the described attack relies on a false signature, there is no chance
that such a false signature will be created.

Ciao,

  Werner


-- 
Werner Koch        Omnis enim res, quae dando non deficit, dum habetur
g10 Code           et non datur, nondum habetur, quomodo habenda est.
Privacy Solutions                                        -- Augustinus




More information about the Gnupg-devel mailing list