[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The great GAK crack (making GAK economically impossible)



On Mon, 15 Sep 1997 [email protected] wrote:

>   From: [email protected]
> > 
> > My test software uses a loop that generates a new pair every few seconds
> > on a pentium (and found some very obscure bugs).  I would be required to
> > send all those to the gak.gov.  If they really want them...
>  
> which bugs would those be? key generation is pretty critical. i'd be 
> interested in any strange results you've found.

None specifically in PGP 5.0 or 2.6.2 itself, but I did find the
limitation of 13 bits on compression, that the MPI encoding would not
accept integers with leading zero bytes, but would with leading zero bits
(this was one obscure bug since I had to randomly generate a value much
less than the modulus), and the fact that an ElGamal key value causes
segfaults. I was implementing a library and found where my code and real
PGP didn't get along.  Some combinations aren't generated by PGP, and some
aren't accepted. 

--- reply to tzeruch - at - ceddec - dot - com ---