On Mon, Jul 2, 2012 at 3:04 PM, Erwann Abalea eaba...@gmail.com wrote:
2012/7/2 Thor Lancelot Simon t...@panix.com
[...]
Besides PGP, what other standard, widely-deployed protocols require the
use of padding types other than OAEP?
TLS, up to v1.2. PKCS#1v1.5 is mandatory.
The TPM
On Mon, Jul 02, 2012 at 01:26:20PM -0400, Matthew Green wrote:
More generally, padding oracle attacks exist against OAEP as well
(Manger's attack). In practice you typically have to construct the
oracle by measuring a timing differential in the decryption process.
That's hard over a network,
* Thor Lancelot Simon:
Besides PGP, what other standard, widely-deployed protocols require the
use of padding types other than OAEP?
DNSSEC requires PKCS#1.5 padding (if I'm not mistaken).
___
cryptography mailing list
cryptography@randombit.net
2012/7/2 Thor Lancelot Simon t...@panix.com
[...]
Besides PGP, what other standard, widely-deployed protocols require the
use of padding types other than OAEP?
TLS, up to v1.2. PKCS#1v1.5 is mandatory.
--
Erwann.
___
cryptography mailing list