Add analysis of perl's `Alt::Crypt::RSA::BigInt`

tomato42 / marvin-toolkit

A set of tools and instructions to check if a library is vulnerable to the Marvin attack

GNU General Public License v2.0

18 stars 8 forks source link

Add analysis of perl's `Alt::Crypt::RSA::BigInt` #15

Open dkg opened 1 month ago

dkg commented 1 month ago

Alt::Crypt::RSA::BigInt is another Perl implementation of RSA. It is a dependency of Crypt::OpenPGP. It would be good to include an analysis of it, in addition to Crypt::OpenSSL::RSA, and a reproducer for it if it is found to still be vulnerable.

tomato42 commented 1 month ago

sorry, but I'm not familiar with the module, so writing a new test harness is not something I plan to do

I can only suggest looking at the other perl test harness and modifying it so that it uses Alt::Crypt, I'll definitely review PR then

gogo2464 commented 1 month ago

@tomato42 if you want I could make this PR.

tomato42 commented 1 month ago

@gogo2464 :

@tomato42 if you want I could make this PR.

the help wanted tag means that already, you don't have to ask me :)

gogo2464 commented 1 month ago

Nice to know. Could you assign me to this pr please?