yesterday's NYT article

Wei Dai

Nov 18, 2007, 7:22:19 AM
to Crypto++ Users
If you read yesterday's New York Times article at (Shamir's paper
that's referenced can be found at, you
might be interested to know that the RSA implementation in Crypto++ is
already protected against this attack, even if a multiplication bug does
exist in the CPU.

I'm not sure why neither the article nor Shamir's paper mention this, but
it's been well known for some time that in order to protect against this
kind of fault attack, after doing the RSA private key operation y=x^d mod n,
one should check that the result is correct by verifying that x=y^e mod n.
Crypto++ has done this since version 5.1.

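The check described in the message above, as an added example that is not part of the original post and is not Crypto++'s code: a toy RSA-CRT private-key operation that releases y only if x = y^e mod n holds. The key is a constructed textbook-sized one, and `ToyKey`, `private_op_crt`, `checked_private_op` and the `fault` parameter (which stands in for a miscomputed multiplication) are hypothetical names.

```cpp
#include <cstdint>
#include <cstdio>
typedef std::uint64_t u64;

// Square-and-multiply. Toy operands stay below 2^32, so products fit in 64 bits.
u64 powmod(u64 base, u64 exp, u64 mod) {
    u64 r = 1 % mod;
    base %= mod;
    for (; exp; exp >>= 1) {
        if (exp & 1) r = r * base % mod;
        base = base * base % mod;
    }
    return r;
}

struct ToyKey { u64 p, q, n, e, d; };
// Constructed textbook-sized key (p=61, q=53); real keys are 2048+ bits.
const ToyKey KEY = {61, 53, 3233, 17, 2753};

// Private-key operation y = x^d mod n via CRT. A nonzero `fault` (hypothetical
// parameter) perturbs the mod-p half to stand in for a miscomputed multiplication.
u64 private_op_crt(const ToyKey& k, u64 x, u64 fault) {
    u64 yp = (powmod(x, k.d % (k.p - 1), k.p) + fault) % k.p;
    u64 yq = powmod(x, k.d % (k.q - 1), k.q);
    u64 qinv = powmod(k.q, k.p - 2, k.p);          // q^-1 mod p (p is prime)
    u64 h = qinv * ((yp + k.p - yq % k.p) % k.p) % k.p;
    return yq + h * k.q;                           // Garner recombination
}

struct Result { bool ok; u64 y; };

// Release y only if the public operation maps it back to x: x == y^e mod n.
Result checked_private_op(const ToyKey& k, u64 x, u64 fault) {
    u64 y = private_op_crt(k, x, fault);
    if (powmod(y, k.e, k.n) != x % k.n) return Result{false, 0};
    return Result{true, y};
}

int main() {
    Result good = checked_private_op(KEY, 2790, 0);
    Result bad = checked_private_op(KEY, 2790, 1);
    std::printf("no fault: ok=%d y=%llu\n", good.ok, (unsigned long long)good.y);
    std::printf("faulted:  ok=%d (result withheld)\n", bad.ok);
    return 0;
}
```

The verification costs one public-exponent exponentiation, which is cheap next to the private operation when e is small.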