funsec mailing list archives
Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5
From: Jeffrey Walton <noloader () gmail com>
Date: Sun, 1 Jul 2012 18:31:13 -0400
On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk <noonslists () gmail com> wrote:
From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html

"Here's the postage stamp version: due to a perfect storm of (subtle, but not novel) cryptographic flaws, an attacker can extract sensitive keys from several popular cryptographic token devices. This is obviously not good, and it may have big implications for people who depend on tokens for their day-to-day security.

[...]

The more specific (and important) lesson for cryptographic implementers is: if you're using PKCS#1v1.5 padding for RSA encryption, cut it out. Really. This is the last warning you're going to get."

Direct link to the paper: http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf - Efficient Padding Oracle Attacks on Cryptographic Hardware by Bardou, Focardi, Kawamoto, Simionato, Steel and Tsay

Thanks for the link, Noon.

So I'm clear here: this applies to RSA Encryption. Are RSA Signatures still safe when using PKCS v1.5 padding?

Jeff

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.