Noon Silk wrote:
From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html

"Here's the postage stamp version: due to a perfect storm of (subtle,
but not novel) cryptographic flaws, an attacker can extract sensitive
keys from several popular cryptographic token devices. This is
obviously not good, and it may have big implications for people who
depend on tokens for their day-to-day security. [...] The more
specific (and important) lesson for cryptographic implementers is: if
you're using PKCS#1v1.5 padding for RSA encryption, cut it out.
Really. This is the last warning you're going to get."

Direct link to the paper:
http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf - Efficient
Padding Oracle Attacks on Cryptographic Hardware by Bardou, Focardi,
Kawamoto, Simionato, Steel and Tsay


Thanks for this link.

The paper is self-explanatory, at least to someone who has followed the factoring-based public key cryptography resistance to CCA (chosen ciphertext attack) for a while.

Here is the main theoretical contribution: "At the heart of our techniques is a small but significant theorem that allows not just multiplication (as in the [Bleichenbacher’s well-known attack] attack) but also division to be used to manipulate a PKCS#1 v1.5 ciphertext and learn about the plaintext."

The paper reports findings from extensive experiments with the attacks.

The paper is thus a very significant contribution.

Take care my friends, meaning that if you see yourself as an applied cryptographer, "spot the oracle".

--
- Thierry Moreau

CONNOTECH Experts-conseils inc.
9130 Place de Montgolfier
Montreal, QC, Canada H2M 2A1

Tel. +1-514-385-5691
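To make the quoted theorem concrete, here is an added toy example (not code from the paper or from either poster) showing the padding check that becomes the oracle and the two ciphertext manipulations the theorem speaks of: multiplying a ciphertext by s^e (Bleichenbacher's tool) and by the inverse of s (the paper's division). The RSA key is constructed from the tiny Mersenne primes M61 and M89 purely for illustration.

```python
import os

# Constructed toy RSA key: Mersenne primes M61 and M89.  Far too small for
# real use; they only make the arithmetic below run instantly.
P = (1 << 61) - 1
Q = (1 << 89) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes (19 here)

def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5: 00 02 || PS (>= 8 nonzero bytes) || 00 || msg."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long for this modulus")
    ps = bytes(b or 1 for b in os.urandom(ps_len))   # force nonzero bytes
    return b"\x00\x02" + ps + b"\x00" + msg

def encrypt(msg: bytes) -> int:
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)

def is_conformant(c: int) -> bool:
    """The padding oracle.  A device that answers this question for
    attacker-chosen ciphertexts (through an error code, a timing
    difference or any other observable) is what the paper exploits."""
    em = pow(c, D, N).to_bytes(K, "big")
    return em[:2] == b"\x00\x02" and 0 not in em[2:10] and 0 in em[10:]

def multiply(c: int, s: int) -> int:
    """RSA malleability: Dec(c * s^e) == m * s mod n (Bleichenbacher's tool)."""
    return (c * pow(s, E, N)) % N

def divide(c: int, s: int) -> int:
    """The paper's extra tool: multiplying by s^-1 'divides' the plaintext."""
    return multiply(c, pow(s, -1, N))

def demo(msg: bytes = b"hi") -> tuple:
    """Return (original conformant?, m*2 conformant?, divide undoes multiply?)."""
    c = encrypt(msg)
    # m lies in [2B, 3B) with B = 256^(K-2), so 2m starts 00 04 or 00 05:
    # the oracle reliably answers 'no', i.e. each query leaks a fact about m.
    return (is_conformant(c), is_conformant(multiply(c, 2)),
            divide(multiply(c, 7), 7) == c)
```

The defensive point of "spot the oracle" is that `is_conformant` must never be observable to a caller of the decryption API; with OAEP the check no longer reveals anything useful even if it is.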
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography