On Mon, Jul 2, 2012 at 1:56 AM, Jeffrey Walton noloa...@gmail.com wrote:
On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote:
From:
http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html
[snip]
Direct link to the paper:
On Mon, Jul 02, 2012 at 01:26:20PM -0400, Matthew Green wrote:
More generally, padding oracle attacks exist against OAEP as well
(Manger's attack). In practice you typically have to construct the
oracle by measuring a timing differential in the decryption process.
That's hard over a network,
* Thor Lancelot Simon:
Besides PGP, what other standard, widely-deployed protocols require the
use of padding types other than OAEP?
DNSSEC requires PKCS#1.5 padding (if I'm not mistaken).
___
cryptography mailing list
cryptography@randombit.net
2012/7/2 Thor Lancelot Simon t...@panix.com
[...]
Besides PGP, what other standard, widely-deployed protocols require the
use of padding types other than OAEP?
TLS, up to v1.2. PKCS#1v1.5 is mandatory.
--
Erwann.
There seems to be a bit of uncertainty about this attack. I'm hearing a lot of
misunderstanding from customers. Here is my summary. I'll first give a
concrete example explaining key wrap and unwrap. Skip this post if you know
all this stuff. Then I'll generalize a bit, and finally comment