James A. Donald wrote:
>     --
> James A. Donald wrote:
>>> Code is going wrong because ASN.1 can contain
>>> complicated malicious information to cause code to go
>>> wrong.  If we do not have that information, or simply
>>> ignore it, no problem.
> 
> Ben Laurie wrote:
>> This is incorrect. The simple form of the attack is
>> exactly as described above - implementations ignore
>> extraneous data after the hash. This extraneous data
>> is _not_ part of the ASN.1 data.
> 
> But it is only extraneous because ASN.1 *says* it is
> extraneous.
> 
> If you ignore the ASN.1 stuff, treat it as just
> arbitrary padding, you will not get this problem.  You
> will look at the rightmost part of the data, the low
> order part of the data, for the hash, and lo, the hash
> will be wrong!

If you ignore the ASN.1 stuff then you won't know what hash to calculate.

-- 
http://www.apache-ssl.org/ben.html           http://www.links.org/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
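
The checks argued over in this thread, as an added Python example that is not part of the original messages: a parser that stops reading after the hash, a whole-block comparison, and a rightmost-bytes comparison, run over constructed EMSA-PKCS1-v1_5 blocks. The function names, the 128-byte block size and the sample message are assumptions made here, and the RSA operation is left out so that only the block check is shown.

```python
import hashlib
import hmac

# DER DigestInfo prefixes for EMSA-PKCS1-v1_5 (RFC 8017, section 9.2).
PREFIX = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}

def encode(message, hash_name, k):
    """Expected block: 00 01 FF..FF 00 DigestInfo, hash right-justified."""
    t = PREFIX[hash_name] + hashlib.new(hash_name, message).digest()
    if k < len(t) + 11:
        raise ValueError("block too short")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_strict(em, message, allowed=("sha256", "sha1")):
    """Rebuild the whole block per acceptable hash and compare every byte."""
    return any(hmac.compare_digest(em, encode(message, h, len(em))) for h in allowed)

def verify_lax(em, message):
    """Flawed parse: reads the hash after DigestInfo, never checks what follows."""
    body = em[2:].lstrip(b"\xff")
    if em[:2] != b"\x00\x01" or body[:1] != b"\x00":
        return False
    for name, prefix in PREFIX.items():
        if body[1:].startswith(prefix):
            start = 1 + len(prefix)
            size = hashlib.new(name).digest_size
            return body[start:start + size] == hashlib.new(name, message).digest()
    return False

def verify_rightmost(em, message, hash_name):
    """Rightmost bytes only; hash_name must be supplied from outside the block."""
    digest = hashlib.new(hash_name, message).digest()
    return hmac.compare_digest(em[-len(digest):], digest)

# Constructed 128-byte sample blocks (no RSA operation involved).
MSG = b"constructed sample message"
GOOD = encode(MSG, "sha256", 128)
# Same DigestInfo and hash, but short padding and filler bytes after the hash.
_t = PREFIX["sha256"] + hashlib.sha256(MSG).digest()
TRAILING = b"\x00\x01" + b"\xff" * 8 + b"\x00" + _t + b"\xa5" * (128 - 11 - len(_t))

if __name__ == "__main__":
    for label, em in (("good", GOOD), ("trailing", TRAILING)):
        print(label, verify_lax(em, MSG), verify_strict(em, MSG),
              verify_rightmost(em, MSG, "sha256"))
```

The rightmost-bytes check takes `hash_name` as a parameter because nothing in the bytes it reads identifies the algorithm; the whole-block check gets the same effect by trying each hash the verifier is willing to accept.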
