Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | |
pgpfan:rsabad [2023/11/07 16:25] – Not theoretical anymore. b.walzer | pgpfan:rsabad [2023/11/15 19:40] (current) – Guessing what the author meant. b.walzer |
---|
| |
The linked article doesn't describe any sort of implementation error. Instead it describes an attack based on hardware faults((This originally used the term "theoretical" to describe the attack. See the more recent [[https://eprint.iacr.org/2023/1711.pdf|Passive SSH Key Compromise via Lattices]], which shows that this sort of weakness exists at the rate of one per million SSH records.)). | The linked article doesn't describe any sort of implementation error. Instead it describes an attack based on hardware faults((This originally used the term "theoretical" to describe the attack. See the more recent [[https://eprint.iacr.org/2023/1711.pdf|Passive SSH Key Compromise via Lattices]], which shows that this sort of weakness exists at the rate of one per million SSH records.)). |
| |
| Almost all RSA implementations check generated signatures to prevent, say, a cosmic ray induced bit flip, from creating the possibility of a secret key leak. So the "implementation error" here would probably be a failure to do such a check. Very few people would consider a hardware failure to be any sort of a software implementation error. Fewer people would feel that the lack of a check for a hardware fault is an implementation error. |
| |
>//Public Exponent// | >//Public Exponent// |