The countermeasure to the attacks we describe in this paper is
well known: implementations should validate signatures before
sending them. OpenSSH, the most common SSH implementation
we observed in this data, implements this countermeasure because
it uses OpenSSL to generate signatures, and OpenSSL has included
countermeasures against RSA fault attacks since 2001.