Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-05 Thread Martin Paljak
Hello, On Tue, Jul 3, 2012 at 1:56 AM, Michael Nelson nelson_mi...@yahoo.com wrote: If the target HSM notices that the encrypted blob is corrupted, then it will give you an error message. This is a leak of information, but that's life. Normally such a covert channel would at most help you

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-05 Thread Nico Williams
On Thu, Jul 5, 2012 at 9:17 AM, Martin Paljak mar...@martinpaljak.net wrote: On Tue, Jul 3, 2012 at 1:56 AM, Michael Nelson nelson_mi...@yahoo.com wrote: It also does not matter whether you are using pkcs11 APIs, and whether you are doing key wrap/unwrap, and whether the data is a key. Any

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-03 Thread Thierry Moreau
Noon Silk wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can extract sensitive keys from several popular cryptographic

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-02 Thread Kevin W. Wall
On Mon, Jul 2, 2012 at 1:56 AM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html [snip] Direct link to the paper:

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-02 Thread Michael Nelson
There seems to be a bit of uncertainty about this attack.  I'm hearing a lot of misunderstanding from customers. Here is my summary.  I'll first give a concrete example explaining key wrap and unwrap.  Skip this post if you know all this stuff.  Then I'll generalize a bit, and finally comment

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread Jeffrey Walton
On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread Jeffrey Walton
On Sun, Jul 1, 2012 at 6:31 PM, Jeffrey Walton noloa...@gmail.com wrote: On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread James A. Donald
http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html To avoid padding oracle attacks, always use authenticated encryption, such that a corrupted message always generates the same response in the same time.

Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

2012-07-01 Thread Jeffrey Walton
On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk noonsli...@gmail.com wrote: From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can