[security] Fix BB'06 attack in verify() by switching from parsing to comparison

#14 Merged at 0cbcc52
Repository
Deleted repository
Branch
default (0cbcc529926a)
Repository
python-rsa
Branch
default
Author
  1. Filippo Valsorda
Reviewers
Description

This is a security-critical fix. An attacker can fake signatures for any public key with low exponent.

Details here: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/

Comments (5)