In article <99b89r$lgd$[EMAIL PROTECTED]>, Ian Goldberg <[EMAIL PROTECTED]> wrote: >If p is wrong, the result S' will be correct mod q but incorrect mod p. >so S' ^ e mod q = M mod q, but S' ^ e mod p != M mod p. > >Therefore GCD(S' ^ e mod n, M) = q, and we're done. I think you meant GCD((S'^e mod n)-M, n) = q. I don't think what you said is true, since q does not necessarily divide M. - Nikita
- Re: PGP flaw found by Czech firm allows dig sig to be for... Ian Goldberg
- Re: PGP flaw found by Czech firm allows dig sig to b... Nikita Borisov
- Re: PGP flaw found by Czech firm allows dig sig to b... Ray Dillinger
- Re: PGP flaw found by Czech firm allows dig sig ... dmolnar
- RE: PGP flaw found by Czech firm allows dig sig ... Phillip H. Zakas