There was notoriously a bug with the Wii's RSA implementation
https://wiibrew.org/wiki/Signing_bug
Unrelated, but in that link:
> Interestingly, the code continues to check the entire hash after a mismatch.
This is a standard practice in cryptography, but maybe not at the time.
alt Hacker News
Unrelated, but in that link:
> Interestingly, the code continues to check the entire hash after a mismatch.
This is a standard practice in cryptography, but maybe not at the time.