Security update of nettle

Ola Lundqvist ola at inguza.com
Tue Aug 9 12:58:50 UTC 2016


Hi Niels

Thank you for this instruction. Yes, the modulo check is rather easy to
check. Definitely easier with your instruction than without.

However I was referring to the side-channel problem that was reported
in the CVE and not to the unintended side-effect of the correction.

If you know a way to trigger the problem reported in the CVE, please
let me know.

// Ola

On Tue, Aug 9, 2016 at 2:27 PM, Niels Möller <nisse at lysator.liu.se> wrote:
> Ola Lundqvist <ola at inguza.com> writes:
>
>> I have not tried to reproduce the potential side-channel issue as that one
>> is rather hard to trigger. If anyone knows about a tool for that, please let
>> me know.
>
> One basically has to patch a valid private key and clear the least
> significant bit of p or q.
>
> With lsh, sexp-conv -s hex should convert an unencrypted private key
> into a form suitable for editing in a text editor. After editing,
> convert back to canonical (binary) syntax, again using sexp-conv.
>
> For key files as used with gnutls, Hannu suggested using
> https://github.com/google/der-ascii
>
> Regards,
> /Niels
>
> --
> Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26.
> Internet email is subject to wholesale government surveillance.



-- 
 --- Inguza Technology AB --- MSc in Information Technology ----
/  ola at inguza.com                    Folkebogatan 26            \
|  opal at debian.org                   654 68 KARLSTAD            |
|  http://inguza.com/                Mobile: +46 (0)70-332 1551 |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9  /
 ---------------------------------------------------------------


