yesterday's NYT article


Wei Dai

Nov 18, 2007, 7:22:19 AM11/18/07
to Crypto++ Users
If you read yesterday's New York Times article at
http://www.nytimes.com/2007/11/17/technology/17code.html (Shamir's paper
that's referenced can be found at http://cryptome.org/bug-attack.htm), you
might be interested to know that the RSA implementation in Crypto++ is
already protected against this attack, even if a multiplication bug does
exist in the CPU.

I'm not sure why neither the article nor Shamir's paper mentions this, but
it's been well known for some time that in order to protect against this
kind of fault attack, after doing the RSA private key operation y=x^d mod n,
one should check that the result is correct by verifying that x=y^e mod n.
Crypto++ has done this since version 5.1.
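The countermeasure described in the post, as an added example that is not code from the post or from Crypto++: a CRT-RSA private operation followed by the y^e mod n check, with a constructed fault hook standing in for a buggy multiplier; the toy parameters (p=61, q=53, e=17) are assumptions for illustration.

```python
# Added example, not from the mailing-list post or Crypto++: a CRT-RSA
# private operation plus the verification step the post describes, with a
# constructed fault hook that stands in for a CPU multiplication bug.

# Constructed toy parameters (assumption, far too small for real use).
P, Q = 61, 53
N = P * Q                            # 3233
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))    # 2753

def rsa_private_crt(x, p, q, d, fault=None):
    """Compute y = x^d mod (p*q) via the Chinese Remainder Theorem.
    `fault`, if given, is applied to the mod-q half to simulate a hardware
    arithmetic error occurring inside that part of the computation."""
    n = p * q
    dp, dq = d % (p - 1), d % (q - 1)
    yp = pow(x % p, dp, p)
    yq = pow(x % q, dq, q)
    if fault is not None:
        yq = fault(yq, q)            # simulated faulty intermediate result
    # Garner recombination: y = yq + q * ((yp - yq) * q^-1 mod p)
    qinv = pow(q, -1, p)
    h = ((yp - yq) * qinv) % p
    return (yq + q * h) % n

def rsa_private_checked(x, p, q, d, e, fault=None):
    """Private operation with the post's countermeasure: recompute x from y
    with the public exponent and refuse to release y on mismatch.
    Returns (y, True) on success, (None, False) if a fault was detected."""
    n = p * q
    y = rsa_private_crt(x, p, q, d, fault)
    if pow(y, e, n) != x % n:
        return None, False           # never hand out a faulty result
    return y, True

def flip_low_bit(value, q):
    """Constructed fault: corrupt the mod-q residue by one bit. CRT
    recombination is a bijection and y -> y^e mod n is a permutation of
    Z_n, so any changed residue yields a y whose e-th power is not x."""
    return (value ^ 1) % q

if __name__ == "__main__":
    x = 2790                         # 2790^2753 mod 3233 == 65
    print("correct hardware:", rsa_private_checked(x, P, Q, D, E))
    print("faulty hardware: ", rsa_private_checked(x, P, Q, D, E,
                                                   fault=flip_low_bit))
```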

