RE: 'Padding Oracle' Crypto Attack Affects Millions of ASP.NET Apps

2010-10-01 Thread Brad Hill
Kevin W. Wall wrote: isn't the pre-shared key version of W3C's XML Encrypt also going to be vulnerable to a padding oracle attack? Any implementation that returns distinguishable error conditions for invalid padding is vulnerable; XML encryption no more or less so if used in such a manner.

Re: 2048 bits, damn the electrons! [...@openssl.org: [openssl.org #2354] [PATCH] Increase Default RSA Key Size to 2048-bits]

2010-10-01 Thread Samuel Neves
On 01-10-2010 02:41, Victor Duchovni wrote: Should we be confident that 4-prime RSA is stronger at 2048 bits than 2-prime is at 1024? At the very least, it is not stronger against ECM (yes ECM is not effective at this factor size) and while GNFS is not known to benefit from small factors, is