Bug 91421

Comment 1 Carsten Lohrke (RETIRED) 2005-05-04 06:03:53 UTC

eh, sorry

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) 2005-05-04 08:32:38 UTC

vapier please advise.

Comment 3 SpanKY 2005-05-04 17:24:05 UTC

we'll have to wait for an upstream release since tom doesnt provide a public cvs server

for now i'll just package.mask it

Comment 4 Jean-François Brunette (RETIRED) 2005-05-29 09:25:30 UTC

jaervosz is not available to watch the bug so I'll check regularly upstream for
the new versions.

Comment 5 Jean-François Brunette (RETIRED) 2005-06-08 06:22:28 UTC

The new version should be comign tommorow (June 9th)

Comment 6 Jean-François Brunette (RETIRED) 2005-06-09 08:36:11 UTC

1.03 has been released
http://libtomcrypt.org/download.html

vapier please bump

Comment 7 SpanKY 2005-06-10 16:52:55 UTC

1.03 now in portage

Comment 8 Jean-François Brunette (RETIRED) 2005-06-10 17:10:06 UTC

thanks Vapier

arches please mark stable

Comment 9 SpanKY 2005-06-10 18:17:33 UTC

i took care of that too

Comment 10 Jean-François Brunette (RETIRED) 2005-06-10 18:28:07 UTC

Sorry, I couldn't know because of the lag

Comment 11 Thierry Carrez (RETIRED) 2005-06-11 01:21:20 UTC

Without more info I vote 1/2 NO

Comment 12 Matthias Geerdsen (RETIRED) 2005-06-11 08:44:37 UTC

updated section from secunia:

Description:
A vulnerability has been reported in LibTomCrypt, which can be exploited by
malicious people to create valid signatures without the private key.

The vulnerability is caused due to a mathematical error in the implementation of
the El Gamal signature algorithm. This can be exploited to create valid
signatures and sign arbitrary messages without the private key via an
application using the ECC (Elliptic Curve Cryptosystem) signature scheme routines.

The vulnerability has been reported in version 1.02. Prior versions may also be
affected.


________
CAN-2005-1600
Description:
A "mathematical flaw" in the implementation of the El Gamal signature algorithm
for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures
without having the private key.


________
http://www.securityfocus.org/archive/1/397649

LibTomCrypt version <=1.02 contained weak signature scheme used
with ECC keys, allowing trivial signature forgeries.

Description:
------------
During recent cryptographic review by the author, a mathematical flaw
was found within the implementation of the El Gamal signature algorithm
used in LibTomCrypt versions <=1.02 An attacker can create a valid
random signature by selecting a random value for a, and then computing
(a^-1)C (where the inverse is modulo the order of the curve),
essentially allowing an attacker to sign arbitrary messages without the
private key.

Comment 13 Thierry Carrez (RETIRED) 2005-06-16 09:07:47 UTC

I tend to vote NO. libtomcrypt is not used in any portage package...

Comment 14 Jean-François Brunette (RETIRED) 2005-06-16 14:49:17 UTC

please vote

Comment 15 Sune Kloppenborg Jeppesen (RETIRED) 2005-06-16 22:11:02 UTC

I tend to vote NO too. 

Comment 16 Thierry Carrez (RETIRED) 2005-06-17 02:52:47 UTC

Anybody thinking yes, please reopen.