On Fri, 29 Oct 2021 06:07:26 GMT, Lari Hotari <d...@openjdk.java.net> wrote:
>> For anyone interested, there's an explanation of the [Bleichenbacher's CCA >> attack on PKCS#1 v1.5 on >> Stackexchange](https://crypto.stackexchange.com/questions/12688/can-you-explain-bleichenbachers-cca-attack-on-pkcs1-v1-5). >> The original paper is ["Chosen Ciphertext Attacks Against Protocols Based >> on the RSA Encryption Standard PKCS #1" >> ](http://archiv.infsec.ethz.ch/education/fs08/secsem/bleichenbacher98.pdf). >> >> The reason for constant time is to not leak information about a possible bad >> padding to the attacker based on the difference in response time between a >> valid and bad padding. The attacker can use this information to narrow the >> search to find the pre-master secret. > >> Hi @lhotari, please submit an OCA at https://oca.opensource.oracle.com/ if >> you are contributing on your own behalf. If you are contributing on your >> employers behalf, please send me an e-Mail at >> [dalibor.to...@oracle.com](mailto:dalibor.to...@oracle.com) so that I can >> verify your account. > > @robilad This is a contribution on my own behalf. I have signed [OCA in 2014 > while contributing to > Btrace](https://github.com/btraceio/btrace/pull/101#issuecomment-63333404). > Is that sufficient? I cannot sign OCA again online, it gives me an error > message "The provided GitHub username lhotari does already appear in an > existing OCA, please use another one.". @lhotari I think you have got the reason to create the BadPaddingExceptions. Did you want to close this bug, or fix it alternativey without break the constant-time purpose? ------------- PR: https://git.openjdk.java.net/jdk/pull/5581
