[Taler] Removing double Lenstra

[Jeff Burdges]

I'm removed our protection against Lenstra's attack on the grounds that
it was added to libgcrypt just under 1 year ago.

Importantly, this means a Taler exchange should *not* be considered safe
to run with a libgcrypt before version 1.6.4.

In particular, you now cannot run a Taler exchange on Debian Jessie
(stable), which ships with libgcrypt 1.6.3.  You need Debian Stretch
(testing), which ships with 1.7.3.

We have additional protections to submit pull requests for, which should
push the libgcrypt version up even more recent though.



> commit c17f84bd02d7ee93845e92e20f6ddba814961588
> Author: Werner Koch <address@hidden>
> Date:   Mon Aug 31 23:13:27 2015 +0200
> 
>     rsa: Add verify after sign to avoid Lenstra's CRT attack.
>     
>     * cipher/rsa.c (rsa_sign): Check the CRT.
>     --
>     
>     Failures in the computation of the CRT (e.g. due faulty hardware) can
>     lead to a leak of the private key.  The standard precaution against
>     this is to verify the signature after signing.  GnuPG does this itself
>     and even has an option to disable this.  However, the low performance
>     impact of this extra precaution suggest that it should always be done
>     and Libgcrypt is the right place here.  For decryption is not done
>     because the application will detect the failure due to garbled
>     plaintext and in any case no key derived material will be send to the
>     user.
>     
>     Signed-off-by: Werner Koch <address@hidden>
> 




> commit 72e8c2715dff99b63ef3c1541ae0dbfee4e99410
> Author: Werner Koch <address@hidden>
> Date:   Tue Sep 8 08:29:55 2015 +0200
> 
>     Release 1.6.4.
>     
>     * configure.ac: Change LT version to C20/A0/R4.
>     
>     Signed-off-by: Werner Koch <address@hidden>

signature.asc
Description: This is a digitally signed message part