[43178] in cryptography@c2.net mail archive

Re: Why the exponent 3 error happened:

daemon@ATHENA.MIT.EDU (Greg Rose)
Thu Sep 14 14:43:48 2006

X-Original-To: cryptography@metzdowd.com
In-Reply-To: <45091A96.20200@echeque.com>
Date: Thu, 14 Sep 2006 11:09:15 -0700
To: "James A. Donald" <jamesd@echeque.com>
From: Greg Rose <ggr@qualcomm.com>
Cc: Cryptography <cryptography@metzdowd.com>

At 19:02  +1000 2006/09/14, James A. Donald wrote:
>Suppose the padding was simply
>
>010101010101010 ... 10101010101010000 hash
>
>with all leading zeros in the hash omitted, and four
>zero bits showing where the actual hash begins.
>
>Then the error would never have been possible.

I beg to differ. A programmer who didn't understand the significance 
of crypto primitives would (as many did) just search for the end of 
the padding to locate the beginning of the hash, and check that the 
next set of bytes were identical to the hash, then return "true". So

01010101 ... 10101010101010000 hash crappetycrap

would still be considered valid. There's a lot of code out there that 
ignored the fact that after the FFs was specific ASN.1 stuff, and 
just treated it as a defined part of the padding.

Greg.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
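
The scan-for-the-hash check described in the message above, next to a check that rebuilds the whole block and compares every byte. This is an added example, not part of the original post or of any code it refers to; the function names, the 00 01 FF..FF 00 / ASN.1 / hash layout with SHA-256, the 256-byte block size and the sample blocks are assumptions chosen for illustration.

```python
import hashlib
import hmac

# DER DigestInfo prefix for SHA-256 (the "ASN.1 stuff" that follows the FFs).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def encode_block(msg: bytes, k: int) -> bytes:
    """Build the one valid k-byte block: 00 01 FF..FF 00 DigestInfo hash."""
    tail = SHA256_PREFIX + hashlib.sha256(msg).digest()
    pad_len = k - 3 - len(tail)
    if pad_len < 8:
        raise ValueError("block too short for this hash")
    return b"\x00\x01" + b"\xff" * pad_len + b"\x00" + tail

def lenient_check(block: bytes, msg: bytes) -> bool:
    """Scan-style check from the post: find the end of the padding, compare
    the bytes that follow with the hash, ignore everything after them."""
    if block[:2] != b"\x00\x01":
        return False
    i = 2
    while i < len(block) and block[i] == 0xFF:
        i += 1
    if i >= len(block) or block[i] != 0x00:
        return False
    i += 1 + len(SHA256_PREFIX)   # prefix skipped as if it were padding
    digest = hashlib.sha256(msg).digest()
    return block[i:i + len(digest)] == digest   # trailing bytes never examined

def strict_check(block: bytes, msg: bytes) -> bool:
    """Rebuild the expected block and compare it byte for byte."""
    try:
        expected = encode_block(msg, len(block))
    except ValueError:
        return False
    return hmac.compare_digest(block, expected)

def sample_blocks(msg: bytes, k: int = 256):
    """Constructed inputs: a well-formed block, and one of the same length
    with the padding cut short and filler bytes after the hash."""
    good = encode_block(msg, k)
    tail = SHA256_PREFIX + hashlib.sha256(msg).digest()
    short = b"\x00\x01" + b"\xff" * 8 + b"\x00" + tail
    return good, short + b"\x5a" * (k - len(short))
```

Both checks accept the well-formed block; only `lenient_check` accepts the second one, because it never looks at the length of the padding or at anything after the hash.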