If you read yesterday's New York Times article at 
http://www.nytimes.com/2007/11/17/technology/17code.html (Shamir's paper 
that's referenced can be found at http://cryptome.org/bug-attack.htm), you 
might be interested to know that the RSA implementation in Crypto++ is 
already protected against this attack, even if a multiplication bug does 
exist in the CPU.

I'm not sure why neither the article nor Shamir's paper mentions this, but 
it's been well known for some time that in order to protect against this 
kind of fault attack, after doing the RSA private key operation y=x^d mod n, 
one should check that the result is correct by verifying that x=y^e mod n. 
Crypto++ has done this since version 5.1.
 
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the "Crypto++ Users" 
Google Group.
More information about Crypto++ and this group is available at 
http://www.cryptopp.com.
-~----------~----~----~----~------~----~------~--~---
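The check described in the message above, together with the fault attack it defends against, as an added Python illustration; this is not Crypto++ code and was not part of the original post. It assumes the private operation is done with the Chinese Remainder Theorem (the usual way, and the setting of Shamir's paper), uses toy-sized Mersenne primes so the numbers stay readable, and simulates the CPU multiplication bug by corrupting the mod-p half of one computation. The function names, the fault model and the sample message are all constructed for the example. The attacker's step is the Boneh-DeMillo-Lipton observation that an unchecked faulty CRT output y' satisfies y'^e == x mod q but not mod p, so gcd(y'^e - x, n) reveals q.

```python
from math import gcd

# Constructed toy RSA key (assumption: Mersenne primes so the numbers stay
# readable; real keys use primes of 1024 bits or more).
P = 2**31 - 1
Q = 2**61 - 1
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)

# CRT parameters, precomputed as an RSA-CRT implementation would.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)


def rsa_private_crt(x, inject_fault=False):
    """Compute y = x^d mod n with the Chinese Remainder Theorem.

    inject_fault simulates a wrong multiplication result inside the mod-p
    half of the computation, the kind of hardware bug the attack relies on.
    """
    sp = pow(x, DP, P)
    sq = pow(x, DQ, Q)
    if inject_fault:
        sp ^= 1  # corrupt the mod-p half; the mod-q half stays correct
    h = (QINV * (sp - sq)) % P  # Garner recombination
    return sq + h * Q


def rsa_private_checked(x, inject_fault=False):
    """The countermeasure: refuse to output y unless y^e mod n == x."""
    y = rsa_private_crt(x, inject_fault)
    if pow(y, E, N) != x % N:
        raise ValueError("RSA private-key operation failed its self-check")
    return y


def factor_from_faulty_output(x, y_bad):
    """What an attacker does with an unchecked faulty output: y_bad^e == x
    mod q but != x mod p, so gcd(y_bad^e - x, n) is exactly q."""
    return gcd((pow(y_bad, E, N) - x) % N, N)


# Constructed sample input: a 12-byte message interpreted as an integer.
MSG = int.from_bytes(b"test message", "big") % N

if __name__ == "__main__":
    assert rsa_private_checked(MSG) == pow(MSG, D, N)
    y_bad = rsa_private_crt(MSG, inject_fault=True)
    print("faulty output factors n:", factor_from_faulty_output(MSG, y_bad) == Q)
    try:
        rsa_private_checked(MSG, inject_fault=True)
    except ValueError as err:
        print("check caught the fault:", err)
```

The check costs one public-exponent exponentiation per private operation, which is cheap for the usual small e, and it catches any fault that changes the output regardless of where in the computation the wrong multiplication happened.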