Daniel Kahn Gillmor dkg@fifthhorseman.net writes:
Hi Simon--
On 03/17/2011 04:45 AM, Simon Josefsson wrote:
Don't forget to add RSA blinding, otherwise it may be vulnerable in the real world. I wish Nettle supported this natively; RSA is not generally safe without it.
Thanks for this suggestion -- I'm not sure that the perl bindings are the right place to do this, though. Do other Nettle language bindings handle RSA blinding? I'd rather have the perl bindings stay fairly close to the underlying C library.
Yes -- I agree.
Btw, thanks for working on perl bindings, that sounds really useful.
nisse@lysator.liu.se (Niels Möller) writes:
It would make sense to add an RSA interface which takes a randomness source as input (for blinding), and a DSA interface which doesn't need a randomness source (and instead uses something like the hash of the message being signed as the "random" value needed, like it's done in PuTTY).
Yes, an interface like that seems like a simple and sufficient solution to the problem.
/Simon
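The two interfaces Niels sketches above, as an added worked example that is not part of this thread and not Nettle's, the perl bindings', or PuTTY's code: an RSA private-key operation that takes a randomness source as a parameter and uses it for blinding, and a DSA signer whose nonce is derived by hashing the private key together with the message, so it needs no randomness source at all. The key material, the toy DSA group (p = 283, q = 47), the `counter` retry scheme in the nonce derivation, and all function names are constructed for this illustration and are far too small to be secure.

```python
"""Added example: RSA blinding with a caller-supplied randomness source, and
DSA with a deterministic nonce. All parameters are constructed toys."""
import hashlib
import math
import secrets

# --- RSA with blinding -------------------------------------------------------
# Constructed demo key from two known primes; hopelessly small for real use.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))          # E is coprime to phi(N) here


def rsa_private_blinded(m, n=N, e=E, d=D, rng=secrets.randbelow):
    """Compute m^d mod n without ever exponentiating m itself.

    `rng` is the randomness source the caller hands in (a function returning
    a random integer below its argument), mirroring the proposed interface.
    """
    while True:
        r = rng(n - 2) + 2                  # r in [2, n-1]
        if math.gcd(r, n) == 1:             # need r invertible mod n
            break
    blinded = (m * pow(r, e, n)) % n        # m * r^e
    s_blinded = pow(blinded, d, n)          # (m * r^e)^d = m^d * r
    return (s_blinded * pow(r, -1, n)) % n  # strip the blinding factor


def rsa_private_unblinded(m, n=N, d=D):
    return pow(m, d, n)


def rsa_public(s, n=N, e=E):
    return pow(s, e, n)


# --- DSA with a deterministic nonce ------------------------------------------
# Constructed toy group: q = 47 divides p - 1 = 282, and g has order q.
DSA_P, DSA_Q = 283, 47
DSA_G = pow(2, (DSA_P - 1) // DSA_Q, DSA_P)   # 64
DSA_X = 17                                    # private key
DSA_Y = pow(DSA_G, DSA_X, DSA_P)              # public key


def _h(msg, q=DSA_Q):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % q


def _det_nonce(x, msg, counter, q=DSA_Q):
    """k = H(x || msg || counter) reduced into [1, q-1]. The counter is our
    own addition so the signer can retry if r or s comes out as 0."""
    data = x.to_bytes(32, "big") + msg + counter.to_bytes(4, "big")
    digest = hashlib.sha256(data).digest()
    return int.from_bytes(digest, "big") % (q - 1) + 1


def dsa_sign(msg, x=DSA_X):
    p, q, g = DSA_P, DSA_Q, DSA_G
    h = _h(msg)
    for counter in range(256):
        k = _det_nonce(x, msg, counter)     # no randomness source needed
        r = pow(g, k, p) % q
        if r == 0:
            continue
        s = (pow(k, -1, q) * (h + x * r)) % q
        if s != 0:
            return r, s
    raise RuntimeError("could not derive a usable nonce")


def dsa_verify(msg, sig, y=DSA_Y):
    p, q, g = DSA_P, DSA_Q, DSA_G
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    h = _h(msg)
    u1, u2 = (h * w) % q, (r * w) % q
    v = ((pow(g, u1, p) * pow(y, u2, p)) % p) % q
    return v == r


if __name__ == "__main__":
    m = int.from_bytes(hashlib.sha256(b"hello").digest(), "big") % N
    s = rsa_private_blinded(m)
    print("blinded == plain:", s == rsa_private_unblinded(m))
    print("rsa verifies:", rsa_public(s) == m)
    sig = dsa_sign(b"hello")
    print("dsa deterministic:", sig == dsa_sign(b"hello"))
    print("dsa verifies:", dsa_verify(b"hello", sig))
```

The RSA function shows why the randomness source belongs in the interface: the blinding factor r must be fresh per operation, and the library cannot pick it without a source the caller controls. The DSA function shows the opposite design: every signature over the same message with the same key is identical, which is exactly the property that removes the dependency on a random number generator.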