ryancdotorg

RyanC

RATING

0.01
Karma: 0.00
avatar
I wrote the Python implementation that this article is based on. I was too lazy to do a proper write-up, and I think this one is pretty good.

This port does have some subtle implementation errors, though.

The embedded key is the master *private* key, so anyone with this code can recover any RSA keys generated with it. I submitted a pull request on github that fixes it.

For those asking «who uses private keys generated by untrusted sources» — this could be implemented in hardware, for example a smart card. Binaries you don't have the source for or didn't compile yourself could also be affected.