I wrote the Python implementation that this article is based on. I was too lazy to do a proper write-up, and I think this one is pretty good.
This port does have some subtle implementation errors, though.
The embedded key is the master *private* key, so anyone with this code can recover any RSA keys generated with it. I submitted a pull request on github that fixes it.
For those asking «who uses private keys generated by untrusted sources» — this could be implemented in hardware, for example a smart card. Binaries you don't have the source for or didn't compile yourself could also be affected.
Log In
or
Sign in with Github
Sign in with Twitter
or
Sign in with Github
Sign in with Twitter
Sign Up
or
Sign in with Github
Sign in with Twitter
Reset Password
Enter the email address associated with your account, and we'll email you a link to reset your password.
This port does have some subtle implementation errors, though.
The embedded key is the master *private* key, so anyone with this code can recover any RSA keys generated with it. I submitted a pull request on github that fixes it.
For those asking «who uses private keys generated by untrusted sources» — this could be implemented in hardware, for example a smart card. Binaries you don't have the source for or didn't compile yourself could also be affected.