Security update of nettle

Niels Möller nisse at lysator.liu.se
Tue Aug 9 12:27:50 UTC 2016


Ola Lundqvist <ola at inguza.com> writes:

> I have not tried to reproduce the potential side-channel issue as that one
> is rather hard to trigger. If anyone knows about a tool for that, please let
> me know.

One basically has to patch a valid private key and clear the least
significant bit of p or q. 

With lsh, sexp-conv -s hex should convert an unencrypted private key
into a form suitable for editing in a text editor. After editing,
convert back to canonical (binary) syntax, again using sexp-conv.

For key files as used with gnutls, Hannu suggested using
https://github.com/google/der-ascii

Regards,
/Niels

-- 
Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
Internet email is subject to wholesale government surveillance.
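
The malformed key described in the message above (least significant bit of p or q cleared) can be recognised before a key is used. The following is an added example, not part of the original message and not nettle or lsh code: a Python check that parses a PKCS#1 RSAPrivateKey in DER (that layout is an assumption about the key file) and reports an even p or q. The toy key and all function names are constructed for illustration.

```python
# Added example: report RSA private keys whose p or q has a cleared low bit.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("bad DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

FIELDS = ("version", "n", "e", "d", "p", "q", "dp", "dq", "qinv")

def parse_rsa_private_key(der):
    """RSAPrivateKey ::= SEQUENCE of nine INTEGERs, named as in FIELDS."""
    tag, body, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("outer element is not a SEQUENCE")
    values, pos = [], 0
    while pos < len(body) and len(values) < len(FIELDS):
        tag, raw, pos = read_tlv(body, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        values.append(int.from_bytes(raw, "big", signed=True))
    if len(values) != len(FIELDS):
        raise ValueError("too few key fields")
    return dict(zip(FIELDS, values))

def check_factors(key):
    """List the problems found with p and q; an empty list means none."""
    problems = [f"{f} is even" for f in ("p", "q") if key[f] % 2 == 0]
    if key["p"] * key["q"] != key["n"]:
        problems.append("n != p*q")
    return problems

def sample_key(p=61, q=53):
    """Constructed toy key (n=3233, e=17, d=2753); short-form lengths only."""
    def der_int(v):  # the extra leading bit keeps the INTEGER non-negative
        raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
        return b"\x02" + bytes([len(raw)]) + raw
    body = b"".join(der_int(v) for v in (0, 3233, 17, 2753, p, q, 53, 49, 38))
    return b"\x30" + bytes([len(body)]) + body

print([check_factors(parse_rsa_private_key(sample_key(p))) for p in (61, 60)])
```

Clearing the low bit of p alone also breaks n = p*q, so the edited key fails both checks unless n is patched as well.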



More information about the Pkg-gnutls-maint mailing list