Simon Josefsson [EMAIL PROTECTED] writes:
Deploying a hash widely isn't done easily, though. GnuTLS only supports MD2,
MD5, SHA-1 and RIPEMD (of which MD2/MD5 are by default not used to verify
signatures).
Right, but it's been pure luck that that particular implementation (and most
likely a
[EMAIL PROTECTED] (James A. Donald) on Thursday, September 14, 2006 wrote:
Obviously we do need a standard for describing structured data, and we
need a standard that leads to that structured data being expressed
concisely and compactly, but seems to me that ASN.1 is causing a lot of
grief.
Victor Duchovni [EMAIL PROTECTED] writes:
This, in my view, has little to do with ASN.1, XML, or other encoding
frameworks. Thorough input validation is not yet routinely and consistently
practiced by most software developers. Software is almost invariably written
to parse formats observed in
On Thu, 14 Sep 2006 17:21:28 -0400, Victor Duchovni
[EMAIL PROTECTED] wrote:
If so, I fear we are learning the wrong lesson, which while valid in
other contexts is not pertinent here. TLS must be flexible enough to
accommodate new algorithms, this means that the data structures being
From http://www.w3.org/2001/tag/doc/leastPower.html :
When designing computer systems, one is often faced with a choice between
using a more or less powerful language for publishing information, for
expressing constraints, or for solving some problem. This finding explores
tradeoffs relating
On Thursday, 14.09.2006, 22:23 -0700, Tolga Acar wrote:
You need to have one zero octet after a bunch of FFs and before the DER encoded
hash blob in order to have a proper PKCS#1v1.5 signature encoding.
Based on what you say below, I used this cert and my key to sign an
end-entity certificate which I used to set up a webserver, it appears that
On Thu, Sep 14, 2006 at 02:48:54PM -0400, Leichter, Jerry wrote:
| The problem is that _because there is an interface to poll the token for
| a code across the USB bus_, malicious software can *repeatedly* steal new
| token codes *any time it wants to*. This means that it can steal codes
|
Erik Tews writes:
At least 3 major webbrowsers on the market are shipped by default with
CA certificates, which have signed other intermediate CAs which use
rsa1024 with exponent 3, in their current version. With this exploit,
you can now sign arbitrary server certificates for any website of
When I fired up Firefox a few minutes ago it told me that there was a new
update available to fix security problems. I thought, Hmm, I wonder what
that would be. It's interesting to note that we now have fixes for many
of the OSS crypto apps (OpenSSL, gpg, Firefox (via NSS, so probably
[EMAIL PROTECTED] (Peter Gutmann) writes:
What's more scary is that if anyone introduces a parameterised hash (it's
quite possible that this has already happened in some fields, and with the
current interest in randomised hashes it's only a matter of time before we see
these anyway) [...]
--
Victor Duchovni wrote:
If so, I fear we are learning the wrong lesson, which
while valid in other contexts is not pertinent here.
TLS must be flexible enough to accommodate new
algorithms, this means that the data structures being
exchanged are malleable, and that implementations must
Simon Josefsson [EMAIL PROTECTED] writes:
Test vectors for this second problem are as below, created by Yutaka OIWA.
To make this easier to work with, I've combined them into a PKCS #7 cert chain
(attached). Just load/click on the chain and see what your app says.
(As an aside, this chain is
Steven M. Bellovin [EMAIL PROTECTED] writes:
As for the "not compatible with a well-socialized human" -- well, maybe -- I
don't think normal people describe themselves as paranoid by profession
Might I refer the reader to http://www.cs.auckland.ac.nz/~pgut001/. I've even
received mail from
On Fri, Sep 15, 2006 at 08:49:31PM +1200, Peter Gutmann wrote:
When I fired up Firefox a few minutes ago it told me that there was
a new update available to fix security problems. I thought, Hmm, I
wonder what that would be. It's interesting to note that we now
have fixes for many of the
James Donald writes:
There is no need, ever, for the RSA signature to encrypt
anything other than a hash, nor will there ever be such
a need. In this case the use of ASN.1 serves absolutely
no purpose whatsoever, other than to create complexity,
bugs, and opportunities for attack. It is
James A. Donald wrote:
--
Greg Rose wrote:
At 19:02 +1000 2006/09/14, James A. Donald wrote:
Suppose the padding was simply
010101010101010 ... 1010101010101 hash
with all leading zeros in the hash omitted, and four
zero bits showing where the actual hash begins.
Then the error
David Shaw [EMAIL PROTECTED] writes:
Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all.
Instead, it generates a new structure during signature verification and
compares it to the original.
How does it handle the NULL vs. optional parameters ambiguity?
Peter.
On Friday, 15.09.2006, 00:40 +0200, Erik Tews wrote:
I have to check some legal aspects before publishing the names of the
browser which accepted this certificate and the name of the
ca-certificates with exponent 3 I used in some hours, if nobody tells me
not to do that. Depending on the
On Sat, Sep 16, 2006 at 05:35:27AM +1200, Peter Gutmann wrote:
David Shaw [EMAIL PROTECTED] writes:
Incidentally, GPG does not attempt to parse the PKCS/ASN.1 data at all.
Instead, it generates a new structure during signature verification and
compares it to the original.
How does it
If so, I fear we are learning the wrong lesson, which
while valid in other contexts is not pertinent here.
TLS must be flexible enough to accommodate new
algorithms, this means that the data structures being
exchanged are malleable, and that implementations must
validate strict