I strongly suggest implementing RSA-CRT hardening, by checking that RSA signatures have not been miscomputed accidentally:
https://securityblog.redhat.com/2015/09/02/factoring-rsa-keys-with-tls-perfect-forward-secrecy/
https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf
We did not see any key leaks which could be attributed to Nettle, but I think the added verification is still a reasonable precaution.
Thanks, Florian
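
The check suggested above, as an added sketch that is not part of the original message and is not Nettle's code: the signer recomputes `s^e mod n` and refuses to release a signature that does not verify. The toy key (two small Mersenne primes), the unpadded "raw" RSA operation and the `fault_mask` test hook that simulates a miscomputed CRT half are all assumptions made for illustration.

```python
# Added illustration of RSA-CRT hardening: verify before releasing a signature.
# Toy parameters and raw (unpadded) RSA; real keys use moduli of 2048 bits or more.

class SignatureFault(Exception):
    """The computed signature did not verify against the public key."""

def make_key(p, q, e=65537):
    # Constructed key material in the usual CRT form (dp, dq, qinv).
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": p * q, "e": e, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}

def crt_sign_raw(key, m, fault_mask=0):
    """RSA private operation via CRT, with no output check.

    fault_mask is a hypothetical test hook: a non-zero value corrupts the
    mod-p half, standing in for a hardware glitch or an arithmetic bug.
    """
    sp = pow(m, key["dp"], key["p"]) ^ fault_mask
    sq = pow(m, key["dq"], key["q"])
    h = (key["qinv"] * (sp - sq)) % key["p"]   # Garner recombination
    return sq + key["q"] * h

def sign_hardened(key, m, fault_mask=0):
    """Same operation, but the result is verified with the public exponent."""
    s = crt_sign_raw(key, m, fault_mask)
    if pow(s, key["e"], key["n"]) != m % key["n"]:
        # Never return, log or transmit the faulty value.
        raise SignatureFault("RSA-CRT result failed verification; discarded")
    return s

# Constructed sample input: 2^31 - 1 and 2^61 - 1 are both prime.
KEY = make_key(2**31 - 1, 2**61 - 1)
MESSAGE = 0x1234567890ABCDEF  # stands in for an already padded digest

if __name__ == "__main__":
    print("good signature:", hex(sign_hardened(KEY, MESSAGE)))
    try:
        sign_hardened(KEY, MESSAGE, fault_mask=1)
    except SignatureFault as exc:
        print("fault caught:", exc)
```

The extra public-key exponentiation is cheap next to the private operation when `e` is small, which is why the check is practical on every signature.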