James A. Donald wrote:
>> Code is going wrong because ASN.1 can contain
>> complicated malicious information to cause code to go
>> wrong.  If we do not have that information, or simply
>> ignore it, no problem.

Ben Laurie wrote:
> This is incorrect. The simple form of the attack is
> exactly as described above - implementations ignore
> extraneous data after the hash. This extraneous data
> is _not_ part of the ASN.1 data.

But it is only extraneous because ASN.1 *says* it is
extraneous.

If you ignore the ASN.1 stuff, treat it as just
arbitrary padding, you will not get this problem.  You
will look at the rightmost part of the data, the low
order part of the data, for the hash, and lo, the hash
will be wrong!


    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     UXewrm6/A/3rklAbGfwShB29YFqjqqWLa3AU+htK
     4Xf+hOFyYI4Pv0jWjzDC226z/LHorwYhZlhfNvl2z
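The two verification styles under discussion, as an added illustration that is not code from either poster: a lenient PKCS#1 v1.5 check that walks the padding from the left, finds the DigestInfo and never examines what follows it, beside a strict check that rebuilds the whole encoded message and compares it, so the hash must occupy the rightmost bytes. The malformed encoded message is constructed directly for the demonstration (it is not a signature forgery); the SHA-256 DigestInfo prefix is the fixed byte string from RFC 3447.

```python
import hashlib
import hmac

# Fixed ASN.1 DigestInfo prefix for SHA-256 (RFC 3447, section 9.2 note 1).
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")


def digest_info(message: bytes) -> bytes:
    """DigestInfo T = ASN.1 prefix || SHA-256(message)."""
    return SHA256_DIGESTINFO_PREFIX + hashlib.sha256(message).digest()


def build_em(message: bytes, k: int) -> bytes:
    """Correct EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || T, exactly k bytes."""
    t = digest_info(message)
    ps_len = k - len(t) - 3
    if ps_len < 8:
        raise ValueError("modulus too short for this hash")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + t


def lenient_verify(em: bytes, message: bytes) -> bool:
    """The flawed check: parse left to right, stop after T, ignore trailing bytes."""
    if em[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(em) and em[i] == 0xFF:
        i += 1
    if i >= len(em) or em[i] != 0x00:
        return False
    i += 1
    t = digest_info(message)
    # Only em[i:i+len(t)] is inspected; em[i+len(t):] is never looked at.
    return em[i:i + len(t)] == t


def strict_verify(em: bytes, message: bytes) -> bool:
    """The fix: recompute the full EM and compare all k bytes, hash at the right end."""
    return hmac.compare_digest(em, build_em(message, len(em)))


def malformed_em(message: bytes, k: int) -> bytes:
    """Constructed sample: minimal padding, T near the left, filler after it.

    This is only the byte layout a lenient parser accepts, not a forged signature.
    """
    head = b"\x00\x01" + b"\xff" * 8 + b"\x00" + digest_info(message)
    return head + b"\x00" * (k - len(head))
```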

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]