The "d" private key compontent is apparently wrong

Question

The "d" private key compontent is apparently wrong

Closed this issue 11 years ago · 5 comments

01:20:54 mm_freak $ it might be a bug, because d isn't used at all
01:21:15 mm_freak $ the code uses optimized CRT operations using the d's residues modulo p - 1 and q - 1
01:21:38 mm_freak $ (the fact that it does it that way is not a bug)

01:22:54 mm_freak $ d33tah: 46730330223584118622160180015036832148732986808519344675210555262940258739805766860224610646919605860206328024326703361630109888417839241959507572247284807035235569619173792292786907845791904955103601652822519121908367187885509270025388641700821735345222087940578381210879116823013776808975766851829020659073
01:23:00 mm_freak $ this is the correct d
01:23:09 mm_freak $ this code is weird in many ways
01:23:11 mm_freak $ also it's insecure
01:23:32 mm_freak $ it has lots of side channels

Answer 1 · 2013-09-18T23:34:36.000Z

BTW, I didn't want to criticize, I really like the project, but I copied the "side channels" remark because frankly I have no idea what it's about and I assumed it might be something worth attention.

Answer 2 · 2013-09-18T23:42:00.000Z

What are the sources for all this information?

On 19 Sep 2013, at 01:34, Jacek Wielemborek notifications@github.com wrote:

BTW, I didn't want to criticize, I really like the project, but I copied the "side channels" remark because frankly I have no idea what it's about and I assumed it might be something worth attention.

�
Reply to this email directly or view it on GitHub.

Answer 3 · 2013-09-18T23:42:48.000Z

#crypto, irc.freenode.net

Answer 4 · 2013-09-19T02:11:05.000Z

I will have a look into that.

d is correct in OTServ as well but I do see your point about the weirdness of the code.

Answer 5 · 2013-09-19T11:18:40.000Z

Please have a look now:
https://github.com/opentibia/server/blob/master/src/rsa.cpp

I have rewritten the whole code, there is no need of d in otserv.cpp or in files (p and q are the only two required).