The "d" private key compontent is apparently wrong

[d33tah]

01:20:54 mm_freak $ it might be a bug, because d isn't used at all 01:21:15 mm_freak $ the code uses optimized CRT operations using the d's residues modulo p - 1 and q - 1 01:21:38 mm_freak $ (the fact that it does it that way is not a bug)

01:22:54 mm_freak $ d33tah: 46730330223584118622160180015036832148732986808519344675210555262940258739805766860224610646919605860206328024326703361630109888417839241959507572247284807035235569619173792292786907845791904955103601652822519121908367187885509270025388641700821735345222087940578381210879116823013776808975766851829020659073 01:23:00 mm_freak $ this is the correct d 01:23:09 mm_freak $ this code is weird in many ways
01:23:11 mm_freak $ also it's insecure 01:23:32 mm_freak $ it has lots of side channels

[d33tah]

BTW, I didn't want to criticize, I really like the project, but I copied the "side channels" remark because frankly I have no idea what it's about and I assumed it might be something worth attention.

[ivucica]

What are the sources for all this information?

On 19 Sep 2013, at 01:34, Jacek Wielemborek notifications@github.com wrote:

BTW, I didn't want to criticize, I really like the project, but I copied the "side channels" remark because frankly I have no idea what it's about and I assumed it might be something worth attention.

\ Reply to this email directly or view it on GitHub.

[d33tah]

crypto, irc.freenode.net

[iryont]

I will have a look into that.

d is correct in OTServ as well but I do see your point about the weirdness of the code.

[iryont]

Please have a look now: https://github.com/opentibia/server/blob/master/src/rsa.cpp

I have rewritten the whole code, there is no need of d in otserv.cpp or in files (p and q are the only two required).