Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add RSA fault attack functions #39

Open
unicornsasfuel opened this issue Sep 19, 2016 · 0 comments
Open

Add RSA fault attack functions #39

unicornsasfuel opened this issue Sep 19, 2016 · 0 comments
Labels
enhancement

Comments

@unicornsasfuel
Copy link
Contributor

While I don't see there being a crazy amount of real-world usage of RSA fault attack functionality (hey, I could be wrong!) it is a popular CTF problem, since you can provide a series of faulty signatures in a text file and not have to deal with server costs or hassles. It's also a problem with many faces: If p or q get corrupted during RSA-CRT, a little GCD magic is enough to recover the private component. However, if d or N get corrupted, the math gets more complex.

I've already got a prototype RSA-CRT fault attack function written, and there are a few recent writeups describing the problem and solution with d corruption thanks to the problem's inclusion in the recent CSAW CTF, so I should be able to take a look at a few reference implementations for solutions and write one, especially considering one of them includes a set of captured faulty signatures.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@unicornsasfuel