Hi
I had an idea very similar to the one Peter Gutmann had this morning. I
managed to write a real world exploit which takes as input:
* a CA-Certificate using 1024 Bit RSA and Exponent 3 (ca-in)
* a Public Key, using an algorithm and size of your choice (key-in)
and

On Thursday, 14.09.2006, 22:23 -0700, Tolga Acar wrote:
You need to have one zero octet after a bunch of FFs and before the DER encoded
hash blob in order to have a proper PKCS#1v1.5 signature encoding.
Based on what you say below, I used this cert and my key to sign an end-entity

On Friday, 15.09.2006, 00:40 +0200, Erik Tews wrote:
I have to check some legal aspects before publishing the names of the
browser which accepted this certificate and the name of the
ca-certificates with exponent 3 I used in some hours, if nobody tells me
not to do that. Depending

On Monday, 25.09.2006, 01:28 +0200, Philipp Gühring wrote:
Hi,
We have been researching, which vendors were generating Exponent 3 keys, and
we found the following until now:
* Cisco 3000 VPN Concentrator
* CSP11
* AN.ON / JAP (they told me they would change it on the next day)

On Sunday, 01.10.2006, 23:42 -0500, Travis H. wrote:
Anyone have any information on how to develop TPM software?
Yes, that's easy. We created a Java library for the TPM chip. You can get
it at
http://tpm4java.datenzone.de/
Using this lib, you need less than 10 lines

On Friday, 06.10.2006, 17:29 -0400, Thor Lancelot Simon wrote:
On Thu, Oct 05, 2006 at 11:51:49PM +0200, Erik Tews wrote:
On Thursday, 05.10.2006, 16:25 -0500, Travis H. wrote:
On 10/2/06, Erik Tews [EMAIL PROTECTED] wrote:
On Sunday, 01.10.2006, 23:42 -0500, wrote

On Wednesday, 10.01.2007, 18:31 -0500, Steven M. Bellovin wrote:
I just stumbled on a web site that strongly believes in crypto --
*everything* on the site is protected by https. If you go there via
http, you receive a Redirect. The site? www.cia.gov:
http://www.trustedcomputing.org/

On Saturday, 13.01.2007, 19:03 -0800, Richard Powell wrote:
I was hoping someone on this list could provide me with a link to a tool
that would enable me to dump the raw HTTP data from a web request that
uses SSL/HTTPS. I have full access to the server, but not to the
client, and I want

On Tuesday, 23.01.2007, 20:47 -0600, Travis H. wrote:
Verify return code: 21 (unable to verify the first certificate)
---
DONE
I can't seem to get that certificate chain to have any contents other
than what you see above, no matter what I do, and hence can't get rid
of the Verify

On Friday, 02.02.2007, 16:15 -0500, James Muir wrote:
You can find more and download Odysseus here:
http://www.bindshell.net/tools/odysseus
It is my understanding that SSL is engineered to resist mitm attacks, so
I am suspicious of these claims. I wondered if someone more

On Wednesday, 18.04.2007, 23:29 -0700, Aram Perez wrote:
Hi Folks,
Is there any danger in using AES128-CBC with a fixed IV of all zeros? This is
being proposed for a standard because that's how SD cards implemented it.
That depends. What would be a valid attack on a SD-card?

On Friday, 06.07.2007, 02:52 -0400, silvio wrote:
http://www.spectrum.ieee.org/print/5280
So what are the options these days (the article even mentions end-to-end
encryption to make such an attack far more difficult)?
Every crypto-phone offering seems to go stale and disappear after

On Thursday, 30.08.2007, 20:43 -0500, travis [EMAIL PROTECTED] wrote:
If you have a break of some scheme you wish to contribute, please
do forward me a URL and I'll link to it.
Sorry, German, but definitely worth reading:
http://www.kryptochef.de/
13 matches