
Google Go upgrade fixes bug that could leak RSA private key

Discussion in 'Network World' started by RSS, Jan 15, 2016.

  1. RSS

    RSS New Member Member

    Google has released an upgrade to Go 1.5.3 to fix a security issue with the math/big package for implementing multiprecision arithmetic. Go programs must be recompiled with this version to receive the fix.

    "This issue can affect RSA computations in crypto/rsa, which is used by crypto/tls," a golang-dev post in Google Groups says. "TLS servers on 32-bit systems could plausibly leak their RSA private key due to this issue. Other protocol implementations that create many RSA signatures could also be impacted in the same way." Incorrect results in one part of the RSA Chinese Remainder computation can lead to the wrong outcome down the line such that it leaks a prime number.

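The failure mode described in the post, and the usual defence of verifying an RSA-CRT signature before releasing it, as an added Go example that is not part of the original post or the Go project's code. The key is a constructed toy key with tiny primes, and `signCRT`, `checkedSign`, `exposedFactor` and the `faulty` flag are hypothetical names used to simulate one wrong CRT half.

```go
package main

import (
	"errors"
	"fmt"
	"math/big"
)

// Constructed toy key: tiny primes so the numbers stay readable.
var (
	p = big.NewInt(1000003)
	q = big.NewInt(1000033)
	e = big.NewInt(65537)
	n = new(big.Int).Mul(p, q)
)

// signCRT computes m^d mod n via CRT; faulty corrupts the mod-q half (+1).
func signCRT(m *big.Int, faulty bool) *big.Int {
	dp := new(big.Int).ModInverse(e, new(big.Int).Sub(p, big.NewInt(1)))
	dq := new(big.Int).ModInverse(e, new(big.Int).Sub(q, big.NewInt(1)))
	sp := new(big.Int).Exp(m, dp, p)
	sq := new(big.Int).Exp(m, dq, q)
	if faulty {
		sq.Add(sq, big.NewInt(1)) // stands in for a wrong bignum result
	}
	// Garner recombination: s = sq + q*((sp-sq)*q^-1 mod p)
	h := new(big.Int).Sub(sp, sq)
	h.Mul(h, new(big.Int).ModInverse(q, p)).Mod(h, p)
	return h.Mul(h, q).Add(h, sq)
}

// checkedSign releases s only if it verifies under the public key (e, n).
func checkedSign(m *big.Int, faulty bool) (*big.Int, error) {
	s := signCRT(m, faulty)
	if new(big.Int).Exp(s, e, n).Cmp(m) != 0 {
		return nil, errors.New("signature failed self-check; withheld")
	}
	return s, nil
}

// exposedFactor is what a released faulty s gives away: gcd(s^e - m, n).
func exposedFactor(m, s *big.Int) *big.Int {
	d := new(big.Int).Exp(s, e, n)
	return new(big.Int).GCD(nil, nil, d.Sub(d, m).Mod(d, n), n)
}

func main() {
	fmt.Println(checkedSign(big.NewInt(42), true))
}
```

Because the faulty signature is still correct modulo `p` but wrong modulo `q`, `s^e - m` is a multiple of `p` only, which is why the self-check has to run before the value leaves the signer.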
     
