Daniel Kahn Gillmor <[email protected]> writes:

> Hi Simon--
>
> On 03/17/2011 04:45 AM, Simon Josefsson wrote:
>> Don't forget to add RSA blinding, otherwise it may be vulnerable in the
>> real world.  I wish Nettle supported this natively, RSA is not generally
>> safe without it.
>
> Thanks for this suggestion -- I'm not sure that the perl bindings are
> the right place to do this, though.  Do other Nettle language bindings
> handle RSA blinding?  I'd rather have the perl bindings stay fairly
> close to the underlying C library.

Yes -- I agree.  Btw, thanks for working on perl bindings, that sounds
really useful.

[email protected] (Niels Möller) writes:

> It would make sense to add an RSA interface which takes a randomness
> source as input (for blinding), and a DSA interface which doesn't need a
> randomness source (and instead uses something like the hash of the
> message being signed as the "random" value needed, like it's done in
> putty).

Yes, an interface like that seems like a simple and sufficient solution
to the problem.

/Simon
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
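
An added illustration, not part of the thread and not Nettle code: the arithmetic of an RSA private-key operation that takes a randomness source as input for blinding, as proposed above. The function names, the `rand_below` callback and the toy key are assumptions made for this sketch; Python's `pow` is not constant-time, so this shows the blinding algebra only.

```python
import math
import secrets

# Constructed toy key for illustration only (two Mersenne primes); far too
# small and too structured for real use.
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def blinding_pair(n, e, rand_below):
    """Draw r from the caller's randomness source; return (r^e mod n, r^-1 mod n)."""
    while True:
        r = rand_below(n)
        # r must be invertible mod n; 0 and 1 would give no blinding at all.
        if r > 1 and math.gcd(r, n) == 1:
            return pow(r, e, n), pow(r, -1, n)


def rsa_private_blinded(x, n, e, d, rand_below, trace=None):
    """Compute x^d mod n without exponentiating the caller-supplied x directly."""
    if not 0 <= x < n:
        raise ValueError("input out of range")
    blind, unblind = blinding_pair(n, e, rand_below)
    blinded = (x * blind) % n      # x * r^e
    if trace is not None:
        trace.append(blinded)      # the value the secret-exponent step sees
    y = pow(blinded, d, n)         # (x * r^e)^d = x^d * r
    return (y * unblind) % n       # strip r, leaving x^d


def demo():
    """Run the same input twice; return input, both results, both blinded values."""
    x = int.from_bytes(b"constructed sample input", "big")
    seen = []
    s1 = rsa_private_blinded(x, N, E, D, secrets.randbelow, seen)
    s2 = rsa_private_blinded(x, N, E, D, secrets.randbelow, seen)
    return x, s1, s2, seen


if __name__ == "__main__":
    x, s1, s2, seen = demo()
    print("results equal:", s1 == s2, "| blinded inputs differ:", seen[0] != seen[1])
```

The result is identical on every call, while the value actually raised to the secret exponent changes each time and is unrelated to what the caller supplied.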
