On Mon, Sep 29, 2003 at 08:33:59AM +1000, Greg Rose wrote:
> common values. It also relies on using some rawly implemented RSA, so that
> all that is in the RSA payload is the hash, and nothing else. This
> violates all the standards that specify that the payload should be padded

The code which implements all of this has to run in <6KB of code space, so it's entirely possible that they hacked together their own routines to deal with it. Almost certain, in fact - I don't think there's a compiler available, so any library would have to be rewritten in assembler anyway. (Sorry I can't be more precise here, but I'm sure you can appreciate why.)

[snip explanation]

> Others may want to correct me or elaborate further, but I think that's
> correct.

It certainly makes much more sense than the scrambled version I had before, and fits with what cryptography I already knew. I still don't think it's a particularly *practical* attack, but I could easily be wrong there, and it only needs one. ;-)

Many thanks for your time!

Cheers,

--
Paul

"I'm not sure if this is a good or a bad thing. Probably a bad thing; most things are bad things."
 -- Nile Evil Bastard