Re: [cryptography] Key extraction from tokens (RSA SecurID, etc) via padding attacks on PKCS#1v1.5

[Jeffrey Walton <noloader () gmail com>]

On Sat, Jun 30, 2012 at 11:11 PM, Noon Silk <noonslists () gmail com> wrote:
> From: http://blog.cryptographyengineering.com/2012/06/bad-couple-of-years-for-cryptographic.html
>
> "Here's the postage stamp version: due to a perfect storm of (subtle,
> but not novel) cryptographic flaws, an attacker can extract sensitive
> keys from several popular cryptographic token devices. This is
> obviously not good, and it may have big implications for people who
> depend on tokens for their day-to-day security. [...] The more
> specific (and important) lesson for cryptographic implementers is: if
> you're using PKCS#1v1.5 padding for RSA encryption, cut it out.
> Really. This is the last warning you're going to get."
>
> Direct link to the paper:
> http://hal.inria.fr/docs/00/70/47/90/PDF/RR-7944.pdf - Efficient
> Padding Oracle Attacks on Cryptographic Hardware by Bardou, Focardi,
> Kawamoto, Simionato, Steel and Tsay
Thanks for the link, Noon.

So I'm clear here: this applies to RSA Encryption. Are RSA Signatures
still safe when using PKCS v1.5 padding?

Jeff
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.