Re: gnupg / rsa padding question

I've wondered also about Crypto AG. Anyone know how they hacked it?

If I had to do it, I'd hack the random number generator for the session
keys. That way the input-output would still match a standard algorithm

Covert channels doesn't make sense to me -- with the steganographic
type, the bandwidth is too small, if possible, while timing or resource
utilisation is not feasible with the sort of eavesdropping I envisage.